Lucene search

[email protected]NVD:CVE-2020-14577

HistoryJul 15, 2020 - 6:15 p.m.

CVE-2020-14577

2020-07-1518:15:23

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

NVD

Node

oraclejdkMatch1.7.0update261

oraclejdkMatch1.8.0update251

oraclejdkMatch11.0.7

oraclejdkMatch14.0.1

oraclejreMatch1.8.0update251

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

Node

opensuseleapMatch15.1

opensuseleapMatch15.2

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch11.0

Node

netapp7-mode_transition_toolMatch-

netappactive_iq_unified_managerRange7.3≥windows

netappactive_iq_unified_managerRange9.5≥vsphere

netappcloud_backupMatch-

netappcloud_secure_agentMatch-

netappe-series_performance_analyzerMatch-

netappe-series_santricity_os_controllerRange11.0.0–11.70.2

netappe-series_santricity_web_servicesMatch-web_services_proxy

netapponcommand_insightMatch-

netapponcommand_workflow_automationMatch-

netappsantricity_unified_managerMatch-

netappsnapmanagerMatch-sap

netappsnapmanagerMatch--oracle

netappsteelstore_cloud_integrated_storageMatch-

netappstoragegridRange9.0.0–9.0.4

netappstoragegridMatch-

References

lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html

lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

lists.debian.org/debian-lts-announce/2020/08/msg00021.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/

security.gentoo.org/glsa/202209-15

security.netapp.com/advisory/ntap-20200717-0005/

usn.ubuntu.com/4433-1/

usn.ubuntu.com/4453-1/

www.debian.org/security/2020/dsa-4734

www.oracle.com/security-alerts/cpujul2020.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for NVD:CVE-2020-14577

prion1 ubuntucve1 ibm86 cve1 f52 redhatcve1 veracode1 alpinelinux1 debiancve1 cvelist1 nessus49 openvas21 redhat10 centos3 oraclelinux5 amazon3 mageia1 fedora4 osv1 debian1 ubuntu2 suse2 photon1