Lucene search

K

[email protected]NVD:CVE-2020-14803

HistoryOct 21, 2020 - 3:15 p.m.

CVE-2020-14803

2020-10-2115:15:20

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

NVD

Node

oraclegraalvmMatch19.3.3enterprise

OR

oraclegraalvmMatch19.3.4enterprise

OR

oraclegraalvmMatch20.2.0enterprise

OR

oraclegraalvmMatch20.3.0enterprise

OR

oraclejdkMatch7.0update_281

OR

oraclejdkMatch8.0update_271

OR

oraclejdkMatch11.0.8

OR

oraclejdkMatch15.0

OR

oraclejreMatch7.0update_281

OR

oraclejreMatch8.0update_271

OR

oraclejreMatch11.0.8

OR

oraclejreMatch15.0

Node

netapp7-mode_transition_toolMatch-

OR

netappactive_iq_unified_managerRange7.3≥windows

OR

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

OR

netappe-series_santricity_os_controllerRange11.0.0–11.60.1

OR

netappe-series_santricity_storage_managerMatch-

OR

netappe-series_santricity_web_services_proxyMatch-

OR

netapphci_management_nodeMatch-

OR

netapponcommand_insightMatch-

OR

netapponcommand_unified_managerMatch-

OR

netappsantricity_cloud_connectorMatch-

OR

netappsantricity_unified_managerMatch-

OR

netappsnapmanagerMatch--oracle

OR

netappsnapmanagerMatch--sap

OR

netappsolidfireMatch-

OR

netapphci_storage_nodeMatch-

Node

debiandebian_linuxMatch9.0

OR

debiandebian_linuxMatch10.0

Node

opensuseleapMatch15.2

References

lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

lists.debian.org/debian-lts-announce/2020/10/msg00031.html

security.gentoo.org/glsa/202101-19

security.netapp.com/advisory/ntap-20201023-0004/

www.debian.org/security/2020/dsa-4779

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpuoct2020.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

Related for NVD:CVE-2020-14803

nessus64 openvas31 prion1 redhatcve1 suse3 veracode1 cvelist1 debiancve1 alpinelinux1 ubuntucve1 osv4 cve1 ibm52 redhat12 f51 rosalinux1 centos3 mageia1 oraclelinux5 amazon3 debian2 fedora6 ubuntu2 kaspersky1