ROSA LABROSA-SA-2023-2315Advisory ROSA-SA-2023-2315
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
68.7%
Software: java-1.8.0-openjdk 1.8.0.392.b08
OS: rosa-server79
package_evr_string: java-1.8.0-openjdk-1.8.0.392.b08-2.res7
CVE-ID: CVE-2020-14583
BDU-ID: 2020-03866
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Libraries component of the Oracle Java SE and Oracle Java SE Embedded software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the integrity, confidentiality, and availability of protected information
CVE-STATUS: Resolved
CVE-REV: To close, run yum update java-1.8.0-openjdk command
CVE-ID: CVE-2020-14803
BDU-ID: 2020-05035
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Libraries component of the Java SE software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected data
CVE-STATUS: Fixed
CVE-REV: To close, run yum update java-1.8.0-openjdk command
CVE-ID: CVE-2020-14792
BDU-ID: 2020-05047
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Hotspot component of the Java SE, Java SE Embedded software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or access to modify, add or delete data
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-1.8.0-openjdk command to close.
CVE-ID: CVE-2020-14621
BDU-ID: 2020-03778
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the JAXP component of the Oracle Java SE, Java SE Embedded software platforms is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, add, or delete data using multiple network protocols
CVE-STATUS: Resolved
CVE-REV: To close, run yum update java-1.8.0-openjdk.
CVE-ID: CVE-2022-21349
BDU-ID: 2022-02001
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the 2D virtual machine component of Oracle GraalVM Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-1.8.0-openjdk command to close.
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
68.7%