Java SE Vulnerability in Oracle Java SE Products
CVE-2020-14803

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Java Se Jdk And Jre
Graalvm Enterprise Edition
Vendor
CVE Published:
21 October 2020

Summary

A vulnerability exists within Oracle's Java SE that can be exploited by an unauthenticated attacker with network access, leading to unauthorized read access of certain Java SE accessible data. This security flaw primarily affects Java deployments in environments where sandboxed Java Web Start applications or applets are run, particularly when they load and execute untrusted code sourced from the internet. Organizations are advised to apply necessary security updates and mitigate risks associated with running untrusted Java applications.

Affected Version(s)

GraalVM Enterprise Edition 19.3.4

GraalVM Enterprise Edition 20.3.0

Java SE JDK and JRE Java SE: 11.0.8

References

https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://www.debian.org/security/2020/dsa-4779
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020/10/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.