Lucene search

Kaspersky LabKLA11646

HistoryJan 05, 2020 - 12:00 a.m.

KLA11646 Multiple vulnerabilities in Oracle JRE

2020-01-0500:00:00

Kaspersky Lab

threats.kaspersky.com

225

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

Detect date:

01/05/2020

Severity:

Warning

Description:

Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to obtain sensitive information.

Affected products:

Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Java SE Embedded: 8u231

Solution:

Update to the latest version
Download Java

Original advisories:

Oracle Critical Patch Update Advisory – January 2020

Impacts:

ACE

Related products:

Oracle Java JRE 1.7.x

CVE-IDS:

CVE-2019-131185.0Warning
CVE-2020-26555.8High
CVE-2020-25834.3Warning
CVE-2020-26046.8High
CVE-2020-26594.3Warning
CVE-2020-26544.3Warning
CVE-2019-161684.3Warning
CVE-2020-25935.8High
CVE-2019-131175.0Warning
CVE-2020-26014.3Warning
CVE-2020-25904.3Warning
CVE-2020-25854.3Warning

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2583

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2585

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2604

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2655

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2659

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.10.x/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.9.x/

www.oracle.com/java/

www.oracle.com/security-alerts/cpujan2020verbose.html

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for KLA11646