First published: Mon Jul 13 2020(Updated: )
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 | 1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el7_8 | 11-openjdk-1:11.0.8.10-0.el7_8 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el8_2 | 11-openjdk-1:11.0.8.10-0.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.15-1.el8_2 | 1.8.0-ibm-1:1.8.0.6.15-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el8_0 | 11-openjdk-1:11.0.8.10-0.el8_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el8_1 | 11-openjdk-1:11.0.8.10-0.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1 |
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.27~4ea-1 | |
debian/openjdk-8 | 8u442-ga-2 | |
Oracle Java SE 7 | =1.7.0-update261 | |
Oracle Java SE 7 | =1.8.0-update251 | |
Oracle Java SE 7 | =11.0.7 | |
Oracle Java SE 7 | =14.0.1 | |
Oracle JRE | =1.8.0-update251 | |
Red Hat Fedora | =31 | |
Red Hat Fedora | =32 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =20.04 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
SUSE Linux | =15.1 | |
SUSE Linux | =15.2 | |
NetApp 7-Mode Transition Tool | ||
NetApp Active IQ Unified Manager | >=7.3 | |
NetApp Active IQ Unified Manager | >=9.5 | |
NetApp Cloud Backup | ||
NetApp Cloud Secure Agent | ||
NetApp E-Series Performance Analyzer | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
NetApp E-Series SANtricity Web Services | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
NetApp E-Series SANtricity Unified Manager | ||
NetApp SnapManager for SAP | ||
NetApp SnapManager for Oracle | ||
NetApp SteelStore Cloud Integrated Storage | ||
NetApp StorageGRID Webscale | >=9.0.0<=9.0.4 | |
NetApp StorageGRID Webscale |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-14583 has been classified with low confidentiality impact, low integrity impact, and no availability impact.
To fix CVE-2020-14583, update to the recommended versions of the affected Java packages provided by Red Hat and other vendors.
CVE-2020-14583 affects various versions of Java SE, including multiple OpenJDK and IBM Java packages across different Red Hat and Debian distributions.
Yes, CVE-2020-14583 can be exploited by an unauthenticated attacker.
The vulnerability relates specifically to the Libraries component of Java SE, affecting boundary checks in the java.nio.Buffer class.