Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2020-2655
HistoryJan 15, 2020 - 12:00 a.m.

CVE-2020-2655

2020-01-1500:00:00
ubuntu.com
ubuntu.com
8

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
Supported versions that are affected are Java SE: 11.0.5 and 13.0.1.
Difficult to exploit vulnerability allows unauthenticated attacker with
network access via HTTPS to compromise Java SE. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of Java SE accessible data as well as unauthorized read access to a
subset of Java SE accessible data. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start
applications or sandboxed Java applets (in Java SE 8), that load and run
untrusted code (e.g., code that comes from the internet) and rely on the
Java sandbox for security. This vulnerability can also be exploited by
using APIs in the specified Component, e.g., through a web service which
supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Bugs

Notes

Author Note
sbeattie opnejdk 11 and newer
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopenjdk-lts< 11.0.6+10-1ubuntu1~18.04.1UNKNOWN
ubuntu19.10noarchopenjdk-lts< 11.0.6+10-1ubuntu1~19.10.1UNKNOWN
ubuntu20.04noarchopenjdk-lts< 11.0.6+10-1ubuntu1UNKNOWN

Related

debiancve 1
alpinelinux 1
prion 1
symantec 1
openvas 9
redhatcve 1
nvd 1
veracode 1
cvelist 1
cve 1
f5 1
nessus 22
osv 1
redhat 3
centos 1
oraclelinux 2
debian 1
suse 1
ubuntu 1
kaspersky 1
amazon 1
ibm 5
photon 6
altlinux 1
oracle 1
debiancve
debiancve
CVE-2020-2655
2020-01-15 17:15:24
alpinelinux
alpinelinux
CVE-2020-2655
2020-01-15 17:15:24
prion
prion
Design/Logic Flaw
2020-01-15 17:15:00
symantec
symantec
Oracle Java SE CVE-2020-2655 Remote Security Vulnerability
2020-01-14 00:00:00
openvas
openvas
Oracle Java SE Security Update (cpujan2020 - 03) - Windows
2020-01-16 00:00:00
Oracle Java SE Security Update (cpujan2020 - 03) - Linux
2020-01-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0140-1)
2021-04-19 00:00:00
redhatcve
redhatcve
CVE-2020-2655
2020-01-15 11:39:04
nvd
nvd
CVE-2020-2655
2020-01-15 17:15:24
veracode
veracode
Authorization Bypass
2020-01-17 01:47:11
cvelist
cvelist
CVE-2020-2655
2020-01-15 16:34:05
cve
cve
CVE-2020-2655
2020-01-15 17:15:24
f5
f5
K86435316 : OpenJDK vulnerabilities CVE-2020-2585 and CVE-2020-2655
2022-08-19 00:00:00
nessus
nessus
Oracle Linux 8 : java-11-openjdk (ELSA-2020-0128)
2020-01-21 00:00:00
RHEL 8 : java-11-openjdk (RHSA-2020:0232)
2020-01-28 00:00:00
Oracle Linux 7 : java-11-openjdk (ELSA-2020-0122)
2020-01-17 00:00:00
osv
osv
openjdk-11 - security update
2020-01-19 00:00:00
redhat
redhat
(RHSA-2020:0128) Important: java-11-openjdk security update
2020-01-16 12:27:40
(RHSA-2020:0232) Important: java-11-openjdk security update
2020-01-27 08:07:50
(RHSA-2020:0122) Important: java-11-openjdk security update
2020-01-16 10:46:10
centos
centos
java security update
2020-01-18 14:53:03
oraclelinux
oraclelinux
java-11-openjdk security update
2020-01-16 00:00:00
java-11-openjdk security update
2020-01-20 00:00:00
debian
debian
[SECURITY] [DSA 4605-1] openjdk-11 security update
2020-01-19 21:52:05
suse
suse
Security update for java-11-openjdk (important)
2020-01-28 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2020-01-28 00:00:00
kaspersky
kaspersky
KLA11646 Multiple vulnerabilities in Oracle JRE
2020-01-05 00:00:00
amazon
amazon
Important: java-11-amazon-corretto
2020-01-14 23:07:00
ibm
ibm
Security Bulletin: Watson Machine Learning Service is impacted by security vulnerabilities in OpenJDK 11
2020-07-31 22:02:59
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
2020-06-19 05:06:43
Security Bulletin: Multiple vulnerabilities in OpenJDK version 8 affect IBM InfoSphere Information Server
2021-04-01 20:45:06
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0235
2020-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-0235
2020-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-0084
2020-04-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.12.7-alt1_0jpp10
2021-08-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON
Related for UB:CVE-2020-2655
debiancve1alpinelinux1prion1symantec1openvas9redhatcve1nvd1veracode1cvelist1cve1f51nessus22osv1redhat3centos1oraclelinux2debian1suse1ubuntu1kaspersky1amazon1ibm5photon6altlinux1oracle1