CVE-2020-14583

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-14583
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

5.1 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
https://security.gentoo.org/glsa/202008-24 Third Party Advisory
https://security.gentoo.org/glsa/202209-15 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0005/ Third Party Advisory
https://usn.ubuntu.com/4433-1/ Third Party Advisory
https://usn.ubuntu.com/4453-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4734 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
History

07 Nov 2023, 03:17

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/', 'name': 'FEDORA-2020-5d0b4a2b5b', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/', 'name': 'FEDORA-2020-93cc9c3ef2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/', 'name': 'FEDORA-2020-e418151dc3', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/', 'name': 'FEDORA-2020-508df53719', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ -

27 Oct 2022, 22:59

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*		 cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
References (GENTOO) https://security.gentoo.org/glsa/202209-15 - (GENTOO) https://security.gentoo.org/glsa/202209-15 - Third Party Advisory
First Time Netapp cloud Backup
Netapp oncommand Workflow Automation
Netapp storagegrid
Netapp 7-mode Transition Tool
Netapp oncommand Insight
Netapp steelstore Cloud Integrated Storage
Netapp active Iq Unified Manager
Netapp e-series Performance Analyzer
Netapp santricity Unified Manager
Netapp cloud Secure Agent
Netapp snapmanager
Netapp e-series Santricity Web Services

25 Sep 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-15 -

01 Jul 2022, 19:32

Type Values Removed Values Added
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4453-1/ - (UBUNTU) https://usn.ubuntu.com/4453-1/ - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202008-24 - (GENTOO) https://security.gentoo.org/glsa/202008-24 - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4734 - (DEBIAN) https://www.debian.org/security/2020/dsa-4734 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4433-1/ - (UBUNTU) https://usn.ubuntu.com/4433-1/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html - Mailing List, Third Party Advisory
First Time Fedoraproject
Fedoraproject fedora
Opensuse leap
Debian
Opensuse
Canonical
Canonical ubuntu Linux
Debian debian Linux
CPE cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

13 May 2022, 14:57

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.7.0:update_261:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_251:*:*:*:*:*:*		 cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*

13 May 2022, 12:55

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.8.0:update_251:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
Information

Published : 2020-07-15 18:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-14583

Mitre link : CVE-2020-14583

CVE.ORG link : CVE-2020-14583

JSON object : View

Products Affected

netapp

  • cloud_secure_agent
  • snapmanager
  • cloud_backup
  • storagegrid
  • santricity_unified_manager
  • steelstore_cloud_integrated_storage
  • oncommand_workflow_automation
  • e-series_performance_analyzer
  • oncommand_insight
  • e-series_santricity_os_controller
  • active_iq_unified_manager
  • 7-mode_transition_tool
  • e-series_santricity_web_services

canonical

  • ubuntu_linux

oracle

  • jdk
  • jre

opensuse

  • leap

debian

  • debian_linux

fedoraproject

  • fedora
CWE
NVD-CWE-noinfo