CVE-2020-14781
First published: Mon Oct 19 2020(Updated: )
An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el7_9 | 11-openjdk-1:11.0.9.11-0.el7_9 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_2 | 11-openjdk-1:11.0.9.11-0.el8_2 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.25-2.el8_3 | 1.8.0-ibm-1:1.8.0.6.25-2.el8_3 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_0 | 11-openjdk-1:11.0.9.11-0.el8_0 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_1 | 11-openjdk-1:11.0.9.11-0.el8_1 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 |
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
| debian/openjdk-8 | 8u382-ga-2 | |
| Oracle JDK | =1.7.0-update271 | |
| Oracle JDK | =1.8.0-update261 | |
| Oracle JDK | =11.0.8 | |
| Oracle JDK | =15 | |
| Oracle JRE | =1.8.0-update261 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Active Iq Unified Manager Windows | >=7.3 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services Proxy | ||
| Netapp Hci Management Node | ||
| NetApp OnCommand Insight | ||
| Netapp Santricity Cloud Connector | ||
| Netapp Santricity Unified Manager | ||
| Netapp Snapmanager Oracle | ||
| Netapp Snapmanager Sap | ||
| Netapp Solidfire | ||
| Netapp Hci Storage Node | ||
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-14781 https://nvd.nist.gov/vuln/detail/CVE-2020-14781
- https://bugzilla.redhat.com/show_bug.cgi?id=1889274
- https://access.redhat.com/errata/RHSA-2020:4348
- https://access.redhat.com/errata/RHSA-2020:4307
- https://access.redhat.com/errata/RHSA-2020:4350
- https://access.redhat.com/errata/RHSA-2020:5586
- https://access.redhat.com/errata/RHSA-2021:0717
- https://access.redhat.com/errata/RHSA-2020:4305
- https://access.redhat.com/errata/RHSA-2020:4347
- https://access.redhat.com/errata/RHSA-2021:0736
- https://access.redhat.com/errata/RHSA-2020:4316
- https://access.redhat.com/errata/RHSA-2020:4349
- https://access.redhat.com/errata/RHSA-2020:4306
- https://access.redhat.com/errata/RHSA-2020:4352
- https://access.redhat.com/security/cve/cve-2020-14781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190099
- https://www.ibm.com/support/pages/node/6520510 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2020-14781
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/15-0-1-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-9-relnotes.html
- https://www.oracle.com/java/technologies/javase/8u271-relnotes.html
- https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_281
- https://mail.openjdk.java.net/pipermail/security-dev/2020-October/022920.html
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/e8b4096c7091
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ccf97104b8ea
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html
- https://security.gentoo.org/glsa/202101-19
- https://security.netapp.com/advisory/ntap-20201023-0004/
- https://www.debian.org/security/2020/dsa-4779
- https://www.oracle.com/security-alerts/cpuoct2020.html
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this Java SE vulnerability?
The vulnerability ID for this Java SE vulnerability is CVE-2020-14781.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.
How severe is CVE-2020-14781?
CVE-2020-14781 has a severity rating of medium (3.7).
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-319.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [Oracle Security Alerts](https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA), [Java SE 15.0.1 Release Notes](https://www.oracle.com/java/technologies/javase/15-0-1-relnotes.html), [Java SE 11.0.9 Release Notes](https://www.oracle.com/java/technologies/javase/11-0-9-relnotes.html).
- collector/redhat-cve
- collector/ibm-support
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14781
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- package-manager/debian
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update271
- version/oracle jdk/1.8.0-update261
- version/oracle jdk/11.0.8
- version/oracle jdk/15
- canonical/oracle jre
- version/oracle jre/1.8.0-update261
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager windows
- version/netapp active iq unified manager windows/7.3
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.1
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services proxy
- canonical/netapp hci management node
- canonical/netapp oncommand insight
- canonical/netapp santricity cloud connector
- canonical/netapp santricity unified manager
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- canonical/netapp solidfire
- canonical/netapp hci storage node
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.2