CVE-2020-14593 : Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (compon

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

Published 2020-07-15 18:15:25

Updated 2022-10-27 22:58:51

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2020-14593

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 11.0.7
cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 14.0.1
cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update251
cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update261
cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update251
cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For SAP
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For Oracle
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid
Versions from including (>=) 9.0.0 and up to, including, (<=) 9.0.4
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid » Version: N/A
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0.0 and up to, including, (<=) 11.70.2
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Web Services » Version: N/A For Web Services Proxy
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » 7-mode Transition Tool » Version: N/A
cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
Matching versions
Netapp » Santricity Unified Manager » Version: N/A
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Performance Analyzer » Version: N/A
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Secure Agent » Version: N/A
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-14593

Top countries where our scanners detected CVE-2020-14593

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-14593 834

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-14593!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-14593

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-14593

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.4	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N	2.8	4.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: None Integrity: High Availability: None
7.4	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N	2.8	4.0	Oracle
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: None Integrity: High Availability: None

References for CVE-2020-14593

https://security.gentoo.org/glsa/202209-15

Oracle JDK/JRE: Multiple vulnerabilities (GLSA 202209-15) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/

[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

[security-announce] openSUSE-SU-2020:1893-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4734

Debian -- Security Information -- DSA-4734-1 openjdk-11
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2020.html

Oracle Critical Patch Update Advisory - July 2020
Patch;Vendor Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202008-24

OpenJDK: Multiple vulnerabilities (GLSA 202008-24) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/

[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/

Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4433-1/

USN-4433-1: OpenJDK vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20200717-0005/

July 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html

[security-announce] openSUSE-SU-2020:1191-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4453-1/

USN-4453-1: OpenJDK 8 vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html

[SECURITY] [DLA 2325-1] openjdk-8 security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html

[security-announce] openSUSE-SU-2020:1175-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/

[SECURITY] Fedora 31 Update: java-11-openjdk-11.0.8.10-2.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-14593

Products affected by CVE-2020-14593

Threat overview for CVE-2020-14593

Exploit prediction scoring system (EPSS) score for CVE-2020-14593

CVSS scores for CVE-2020-14593

References for CVE-2020-14593