CVE-2020-2604

2020-01-2700:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.1%

JSON

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE
(component: Serialization). Supported versions that are affected are Java
SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to
exploit vulnerability allows unauthenticated attacker with network access
via multiple protocols to compromise Java SE, Java SE Embedded. Successful
attacks of this vulnerability can result in takeover of Java SE, Java SE
Embedded. Note: This vulnerability applies to Java deployments, typically
in clients running sandboxed Java Web Start applications or sandboxed Java
applets (in Java SE 8), that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability can also be exploited by using APIs in the specified
Component, e.g., through a web service which supplies data to the APIs.
CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2604>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopenjdk-8< 8u242-b08-0ubuntu3~18.04UNKNOWN
ubuntu19.10noarchopenjdk-8< 8u242-b08-0ubuntu3~19.10UNKNOWN
ubuntu16.04noarchopenjdk-8< 8u242-b08-0ubuntu3~16.04UNKNOWN
ubuntu18.04noarchopenjdk-lts< 11.0.6+10-1ubuntu1~18.04.1UNKNOWN
ubuntu19.10noarchopenjdk-lts< 11.0.6+10-1ubuntu1~19.10.1UNKNOWN
ubuntu20.04noarchopenjdk-lts< 11.0.6+10-1ubuntu1UNKNOWN
ubuntu20.10noarchopenjdk-lts< 11.0.6+10-1ubuntu1UNKNOWN
ubuntu21.04noarchopenjdk-lts< 11.0.6+10-1ubuntu1UNKNOWN
ubuntu21.10noarchopenjdk-lts< 11.0.6+10-1ubuntu1UNKNOWN
ubuntu22.04noarchopenjdk-lts< 11.0.6+10-1ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	openjdk-8	< 8u242-b08-0ubuntu3~18.04	UNKNOWN
ubuntu	19.10	noarch	openjdk-8	< 8u242-b08-0ubuntu3~19.10	UNKNOWN
ubuntu	16.04	noarch	openjdk-8	< 8u242-b08-0ubuntu3~16.04	UNKNOWN
ubuntu	18.04	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1~18.04.1	UNKNOWN
ubuntu	19.10	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1~19.10.1	UNKNOWN
ubuntu	20.04	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1	UNKNOWN
ubuntu	20.10	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1	UNKNOWN
ubuntu	21.04	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1	UNKNOWN
ubuntu	21.10	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1	UNKNOWN
ubuntu	22.04	noarch	openjdk-lts	< 11.0.6+10-1ubuntu1	UNKNOWN