CVE-2020-14781 is an unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVEID:CVE-2020-14781
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
DataQuant for z/OS | 2.1 |
Please see “Workarounds and Mitigations”.
Use the following instructions to download the latest JRE version from the IBM Java download portal and replace it with the JRE you are currently invoking.
Steps to update JRE - DataQuant:
Close DataQuant.
Download JRE (IBM_DevelopmentPackage_for_Eclipse_Win_X86_32_6.6.15) and extract the files to a temporary location.
Replace jre folder at the install directory location –> “C:\Program Files\IBM\IBM DataQuant\DataQuant for Workstation”. Replace with contents in step above.
Download eclipse oxygen from <https://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/oxygen/3a/eclipse-jee-oxygen-3a-win32-x86_64.zip>
Extract the eclipse oxygen and copy the plugin - org.apache.jasper.glassfish_2.2.2.v201501141630.jar from eclipse-jee-oxygen-3a-win32-x86_64\eclipse\plugins
Copy org.apache.jasper.glassfish_2.2.2.v201501141630.jar in the folder where DataQuant is installed - C:\Program Files (x86)\IBM\IBM DataQuant\DataQuant for Workstation\plugins
Delete the older plugin org.apache.jasper.glassfish_2.2.2.v201205150955.jar from the DataQuant install directory