First published: Tue Jul 14 2020(Updated: )
A flaw was found in the DerValue class in the Libraries component of OpenJDK. An incorrect implementation of the DerValue.equals() method could cause the class to raise an exception not declared to be thrown by the DerValue.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 | 1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.15-1.el8_2 | 1.8.0-ibm-1:1.8.0.6.15-1.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1 |
Oracle JDK | =1.7.0-update261 | |
Oracle JDK | =1.8.0-update251 | |
Oracle JRE | =1.8.0-update251 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
McAfee ePolicy Orchestrator | =5.9.0 | |
McAfee ePolicy Orchestrator | =5.9.1 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
McAfee ePolicy Orchestrator | =5.10.0-update_7 | |
McAfee ePolicy Orchestrator | =5.10.0-update_8 | |
openSUSE Leap | =15.2 | |
NetApp 7-Mode Transition Tool | ||
Netapp Active Iq Unified Manager Windows | >=7.3 | |
Netapp Active Iq Unified Manager Vsphere | >=9.5 | |
Netapp Cloud Backup | ||
Netapp Cloud Secure Agent | ||
Netapp E-series Performance Analyzer | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
Netapp E-series Santricity Web Services Web Services Proxy | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
Netapp Santricity Unified Manager | ||
Netapp Snapmanager Sap | ||
Netapp Snapmanager Oracle | ||
Netapp Steelstore Cloud Integrated Storage | ||
Netapp Storagegrid | >=9.0.0<=9.0.4 | |
Netapp Storagegrid | ||
IBM Cognos Controller 10.4.2 | <=IBM Cognos Controller 10.4.2 | |
IBM Cognos Controller 10.4.1 | <=IBM Cognos Controller 10.4.1 | |
IBM Cognos Controller 10.4.0 | <=IBM Cognos Controller 10.4.0 | |
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.25+9-1~deb11u1 11.0.26~6ea-1 | |
debian/openjdk-8 | 8u432-b06-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-14579 is an unspecified vulnerability in Java SE related to the Libraries component.
Java SE versions 7u261 and 8u251 are affected by CVE-2020-14579.
An unauthenticated attacker with network access can exploit CVE-2020-14579 using multiple protocols.
CVE-2020-14579 has a severity rating of 3.7 (Medium).
To fix CVE-2020-14579, update to Java SE version 7u262 or 8u262.