CVE-2020-14792: Integer Overflow
First published: Mon Oct 19 2020(Updated: )
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el7_9 | 11-openjdk-1:11.0.9.11-0.el7_9 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_2 | 11-openjdk-1:11.0.9.11-0.el8_2 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_0 | 11-openjdk-1:11.0.9.11-0.el8_0 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_1 | 11-openjdk-1:11.0.9.11-0.el8_1 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 |
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
| debian/openjdk-8 | 8u382-ga-2 | |
| IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
| IBM Cloud Pak for Automation | <=21.0.1 | |
| Oracle Java SE 7 | =1.7.0-update271 | |
| Oracle Java SE 7 | =1.8.0-update261 | |
| Oracle Java SE 7 | =11.0.8 | |
| Oracle Java SE 7 | =15 | |
| Oracle JRE | =1.8.0-update261 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| NetApp 7-Mode Transition Tool | ||
| NetApp Active IQ Unified Manager | >=7.3 | |
| NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
| NetApp SANtricity Storage Manager | ||
| NetApp E-Series SANtricity Web Services | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Unified Manager for Windows | ||
| NetApp SANtricity Cloud Connector | ||
| NetApp E-Series SANtricity Unified Manager | ||
| NetApp SnapManager for Oracle | ||
| NetApp SnapManager for SAP | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp HCI Storage Nodes | ||
| McAfee ePolicy Orchestrator | =5.9.0 | |
| McAfee ePolicy Orchestrator | =5.9.1 | |
| McAfee ePolicy Orchestrator | =5.10.0 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
| SUSE Linux | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190110
- https://www.ibm.com/support/pages/node/6465127 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html
- https://security.gentoo.org/glsa/202101-19
- https://security.netapp.com/advisory/ntap-20201023-0004/
- https://www.debian.org/security/2020/dsa-4779
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:4306
- https://access.redhat.com/errata/RHSA-2020:4305
- https://access.redhat.com/security/cve/cve-2020-14792
- https://access.redhat.com/errata/RHSA-2020:4307
- https://access.redhat.com/errata/RHSA-2020:4316
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/ed3959f95671
- http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/824065fb8b18
- https://access.redhat.com/errata/RHSA-2020:4349
- https://access.redhat.com/errata/RHSA-2020:4347
- https://access.redhat.com/errata/RHSA-2020:4352
- https://access.redhat.com/errata/RHSA-2020:4348
- https://access.redhat.com/errata/RHSA-2020:4350
- https://bugzilla.redhat.com/show_bug.cgi?id=1889280
- https://www.cve.org/CVERecord?id=CVE-2020-14792 https://nvd.nist.gov/vuln/detail/CVE-2020-14792
- https://security-tracker.debian.org/tracker/CVE-2020-14792
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this Java SE vulnerability?
The vulnerability ID for this Java SE vulnerability is CVE-2020-14792.
Which versions of Java SE are affected by this vulnerability?
The affected versions of Java SE are 7u271, 8u261, 11.0.8, and 15.
Is the vulnerability difficult to exploit?
Yes, the vulnerability is difficult to exploit.
Can an attacker exploit this vulnerability without authentication?
Yes, an unauthenticated attacker with network access can exploit this vulnerability.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [Oracle Security Alert](https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA) and [Red Hat Security Advisory 2020:4306](https://access.redhat.com/errata/RHSA-2020:4306).
- collector/redhat-cve
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14792
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/weakness
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- package-manager/debian
- vendor/ibm
- canonical/ibm cloud pak for automation
- version/ibm cloud pak for automation/20.0.3-if002
- version/ibm cloud pak for automation/21.0.1
- vendor/oracle
- canonical/oracle java se 7
- version/oracle java se 7/1.7.0-update271
- version/oracle java se 7/1.8.0-update261
- version/oracle java se 7/11.0.8
- version/oracle java se 7/15
- canonical/oracle jre
- version/oracle jre/1.8.0-update261
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager
- version/netapp active iq unified manager/7.3
- canonical/netapp active iq unified manager for vmware vsphere
- version/netapp active iq unified manager for vmware vsphere/9.5
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.1
- canonical/netapp santricity storage manager
- canonical/netapp e-series santricity web services
- canonical/netapp solidfire & hci management node
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager for windows
- canonical/netapp santricity cloud connector
- canonical/netapp e-series santricity unified manager
- canonical/netapp snapmanager for oracle
- canonical/netapp snapmanager for sap
- canonical/netapp solidfire & hci storage node
- canonical/netapp hci storage nodes
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/5.9.0
- version/mcafee epolicy orchestrator/5.9.1
- version/mcafee epolicy orchestrator/5.10.0
- version/mcafee epolicy orchestrator/5.10.0-update_1
- version/mcafee epolicy orchestrator/5.10.0-update_2
- version/mcafee epolicy orchestrator/5.10.0-update_3
- version/mcafee epolicy orchestrator/5.10.0-update_4
- version/mcafee epolicy orchestrator/5.10.0-update_5
- version/mcafee epolicy orchestrator/5.10.0-update_6
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.2