Vulnerability Details : CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vulnerability category: Denial of service

Published 2020-07-15 18:15:24

Updated 2022-10-27 23:00:00

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2020-14578

Top countries where our scanners detected CVE-2020-14578

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-14578 176

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-14578!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-14578

Probability of exploitation activity in the next 30 days: 0.32%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-14578

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L	2.2	1.4	nvd@nist.gov
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L	2.2	1.4	secalert_us@oracle.com
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

References for CVE-2020-14578

https://security.gentoo.org/glsa/202209-15

Oracle JDK/JRE: Multiple vulnerabilities (GLSA 202209-15) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/

[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

[security-announce] openSUSE-SU-2020:1893-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4734

Debian -- Security Information -- DSA-4734-1 openjdk-11
Third Party Advisory

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10332

McAfee Security Bulletin - ePolicy Orchestrator update addresses multiple vulnerabilities (CVE-2020-7317, CVE-2020-7318, CVE-2020-13935, CVE-2020-9484, CVE-2020-14621, CVE-2020-14573, CVE-2020-14578,
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2020.html

Oracle Critical Patch Update Advisory - July 2020
Patch;Vendor Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202008-24

OpenJDK: Multiple vulnerabilities (GLSA 202008-24) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/

[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20200717-0005/

July 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4453-1/

USN-4453-1: OpenJDK 8 vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html

[SECURITY] [DLA 2325-1] openjdk-8 security update
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2020-14578

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update251
cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update261
cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update251
cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.9.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 2
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 3
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.9.1
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 4
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 5
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 6
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 7
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
Matching versions
Mcafee » Epolicy Orchestrator » Version: 5.10.0 Update Update 8
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For SAP
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For Oracle
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid
Versions from including (>=) 9.0.0 and up to, including, (<=) 9.0.4
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid » Version: N/A
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0.0 and up to, including, (<=) 11.70.2
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Web Services » Version: N/A For Web Services Proxy
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » 7-mode Transition Tool » Version: N/A
cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
Matching versions
Netapp » Santricity Unified Manager » Version: N/A
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Performance Analyzer » Version: N/A
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Secure Agent » Version: N/A
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
Matching versions