First published: Mon Oct 19 2020(Updated: )
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el7_9 | 11-openjdk-1:11.0.9.11-0.el7_9 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_2 | 11-openjdk-1:11.0.9.11-0.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_0 | 11-openjdk-1:11.0.9.11-0.el8_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_1 | 11-openjdk-1:11.0.9.11-0.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
debian/openjdk-8 | 8u382-ga-2 | |
IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
IBM Cloud Pak for Automation | <=21.0.1 | |
Oracle JDK | =1.7.0-update271 | |
Oracle JDK | =1.8.0-update261 | |
Oracle JDK | =11.0.8 | |
Oracle JDK | =15 | |
Oracle JRE | =1.8.0-update261 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
NetApp 7-Mode Transition Tool | ||
Netapp Active Iq Unified Manager Windows | >=7.3 | |
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
Netapp E-series Santricity Storage Manager | ||
Netapp E-series Santricity Web Services Proxy | ||
Netapp Hci Management Node | ||
NetApp OnCommand Insight | ||
Netapp Oncommand Unified Manager | ||
Netapp Santricity Cloud Connector | ||
Netapp Santricity Unified Manager | ||
Netapp Snapmanager Oracle | ||
Netapp Snapmanager Sap | ||
Netapp Solidfire | ||
Netapp Hci Storage Node | ||
McAfee ePolicy Orchestrator | =5.9.0 | |
McAfee ePolicy Orchestrator | =5.9.1 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
openSUSE Leap | =15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID for this Java SE vulnerability is CVE-2020-14792.
The affected versions of Java SE are 7u271, 8u261, 11.0.8, and 15.
Yes, the vulnerability is difficult to exploit.
Yes, an unauthenticated attacker with network access can exploit this vulnerability.
The severity level of this vulnerability is medium.
You can find more information about this vulnerability at the following references: [Oracle Security Alert](https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA) and [Red Hat Security Advisory 2020:4306](https://access.redhat.com/errata/RHSA-2020:4306).