Lucene search

K
nvd[email protected]NVD:CVE-2020-2601
HistoryJan 15, 2020 - 5:15 p.m.

CVE-2020-2601

2020-01-1517:15:20
web.nvd.nist.gov
7

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.4%

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

Affected configurations

Nvd
Node
oraclejdkMatch1.7.0update241
OR
oraclejdkMatch1.8.0update231
OR
oraclejdkMatch11.0.5
OR
oraclejdkMatch13.0.1
OR
oraclejreMatch1.7.0update_241
OR
oraclejreMatch1.8.0update_231
OR
oraclejreMatch11.0.5
OR
oraclejreMatch13.0.1
Node
oracleopenjdkMatch7-
OR
oracleopenjdkMatch7update241
OR
oracleopenjdkMatch7update80
OR
oracleopenjdkMatch7update85
OR
oracleopenjdkMatch8-
OR
oracleopenjdkMatch8update102
OR
oracleopenjdkMatch8update112
OR
oracleopenjdkMatch8update152
OR
oracleopenjdkMatch8update162
OR
oracleopenjdkMatch8update172
OR
oracleopenjdkMatch8update192
OR
oracleopenjdkMatch8update20
OR
oracleopenjdkMatch8update202
OR
oracleopenjdkMatch8update212
OR
oracleopenjdkMatch8update222
OR
oracleopenjdkMatch8update232
OR
oracleopenjdkMatch8update40
OR
oracleopenjdkMatch8update60
OR
oracleopenjdkMatch8update66
OR
oracleopenjdkMatch8update72
OR
oracleopenjdkMatch8update92
OR
oracleopenjdkMatch11
OR
oracleopenjdkMatch11.0.1
OR
oracleopenjdkMatch11.0.2
OR
oracleopenjdkMatch11.0.3
OR
oracleopenjdkMatch11.0.4
OR
oracleopenjdkMatch11.0.5
OR
oracleopenjdkMatch13
OR
oracleopenjdkMatch13.0.1
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.10
Node
opensuseleapMatch15.1
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappe-series_performance_analyzerMatch-
OR
netappe-series_santricity_managementMatch-vmware_vcenter
OR
netappe-series_santricity_os_controllerRange11.0.011.60.3
OR
netappe-series_santricity_storage_managerMatch-
OR
netappe-series_santricity_web_servicesMatch-web_services_proxy
OR
netapponcommand_insightMatch-
OR
netapponcommand_workflow_automationMatch-
OR
netappsantricity_unified_managerMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_eusMatch8.1
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
VendorProductVersionCPE
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*
oraclejdk11.0.5cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*
oraclejdk13.0.1cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*
oraclejre11.0.5cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*
oraclejre13.0.1cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*
oracleopenjdk7cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*
oracleopenjdk7cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*
Rows per page:
1-10 of 661

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.4%