CVE-2020-14621

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-14621
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html Mailing List Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10332 Third Party Advisory
https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
https://security.gentoo.org/glsa/202008-24 Third Party Advisory
https://security.gentoo.org/glsa/202209-15 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0005/ Third Party Advisory
https://usn.ubuntu.com/4433-1/ Third Party Advisory
https://usn.ubuntu.com/4453-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4734 Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
History

07 Nov 2023, 03:17

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/', 'name': 'FEDORA-2020-5d0b4a2b5b', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/', 'name': 'FEDORA-2020-e418151dc3', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E', 'name': '[xerces-j-users] 20201014 Security vulnerability in 2.12.0', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/', 'name': 'FEDORA-2020-93cc9c3ef2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/', 'name': 'FEDORA-2020-508df53719', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ -
  • () https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ -

27 Oct 2022, 22:58

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202209-15 - (GENTOO) https://security.gentoo.org/glsa/202209-15 - Third Party Advisory

25 Sep 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-15 -

01 Jul 2022, 19:40

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
First Time Netapp plug-in For Symantec Netbackup
Fedoraproject fedora
Netapp e-series Santricity Os Controller
Netapp steelstore Cloud Integrated Storage
Opensuse leap
Mcafee
Canonical
Netapp oncommand Unified Manager Core Package
Netapp
Debian debian Linux
Netapp e-series Santricity Web Services
Netapp snapmanager
Fedoraproject
Netapp santricity Unified Manager
Netapp cloud Backup
Debian
Mcafee epolicy Orchestrator
Opensuse
Canonical ubuntu Linux
Netapp cloud Secure Agent
Netapp oncommand Workflow Automation
Netapp oncommand Insight
Netapp e-series Performance Analyzer
Netapp e-series Santricity Storage Manager
Netapp active Iq Unified Manager
Netapp 7-mode Transition Tool
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200717-0005/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200717-0005/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4453-1/ - (UBUNTU) https://usn.ubuntu.com/4453-1/ - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202008-24 - (GENTOO) https://security.gentoo.org/glsa/202008-24 - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4734 - (DEBIAN) https://www.debian.org/security/2020/dsa-4734 - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4433-1/ - (UBUNTU) https://usn.ubuntu.com/4433-1/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html - Mailing List, Third Party Advisory
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - Third Party Advisory

13 May 2022, 14:57

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.7.0:update_261:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_251:*:*:*:*:*:*		 cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*

13 May 2022, 12:55

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.8.0:update_251:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
Information

Published : 2020-07-15 18:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-14621

Mitre link : CVE-2020-14621

CVE.ORG link : CVE-2020-14621

JSON object : View

Products Affected

netapp

  • oncommand_workflow_automation
  • cloud_backup
  • oncommand_insight
  • oncommand_unified_manager_core_package
  • e-series_santricity_storage_manager
  • santricity_unified_manager
  • 7-mode_transition_tool
  • active_iq_unified_manager
  • e-series_performance_analyzer
  • snapmanager
  • cloud_secure_agent
  • steelstore_cloud_integrated_storage
  • plug-in_for_symantec_netbackup
  • e-series_santricity_os_controller
  • e-series_santricity_web_services

oracle

  • jre
  • jdk

mcafee

  • epolicy_orchestrator

fedoraproject

  • fedora

opensuse

  • leap

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
NVD-CWE-noinfo