[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-2604Date: (C)2020-01-16   (M)2024-03-22


Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 6.8
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2020/Feb/22
DSA-4621
GLSA-202101-19
RHSA-2020:0122
RHSA-2020:0128
RHSA-2020:0196
RHSA-2020:0202
RHSA-2020:0231
RHSA-2020:0232
RHSA-2020:0465
RHSA-2020:0467
RHSA-2020:0468
RHSA-2020:0469
RHSA-2020:0470
RHSA-2020:0541
RHSA-2020:0632
USN-4257-1
https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10315
https://security.netapp.com/advisory/ntap-20200122-0003/
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2021.html
openSUSE-SU-2020:0113
openSUSE-SU-2020:0147

CWE    1
CWE-502
OVAL    58
oval:org.secpod.oval:def:66514
oval:org.secpod.oval:def:61770
oval:org.secpod.oval:def:61785
oval:org.secpod.oval:def:1000825
...

© SecPod Technologies