CVE-2020-14792: Integer Overflow
First published: Mon Oct 19 2020(Updated: )
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el7_9 | 11-openjdk-1:11.0.9.11-0.el7_9 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_2 | 11-openjdk-1:11.0.9.11-0.el8_2 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_0 | 11-openjdk-1:11.0.9.11-0.el8_0 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 |
| redhat/java | <11-openjdk-1:11.0.9.11-0.el8_1 | 11-openjdk-1:11.0.9.11-0.el8_1 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 |
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
| debian/openjdk-8 | 8u382-ga-2 | |
| IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
| IBM Cloud Pak for Automation | <=21.0.1 | |
| Oracle JDK | =1.7.0-update271 | |
| Oracle JDK | =1.8.0-update261 | |
| Oracle JDK | =11.0.8 | |
| Oracle JDK | =15 | |
| Oracle JRE | =1.8.0-update261 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Active Iq Unified Manager Windows | >=7.3 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services Proxy | ||
| Netapp Hci Management Node | ||
| NetApp OnCommand Insight | ||
| Netapp Oncommand Unified Manager | ||
| Netapp Santricity Cloud Connector | ||
| Netapp Santricity Unified Manager | ||
| Netapp Snapmanager Oracle | ||
| Netapp Snapmanager Sap | ||
| Netapp Solidfire | ||
| Netapp Hci Storage Node | ||
| McAfee ePolicy Orchestrator | =5.9.0 | |
| McAfee ePolicy Orchestrator | =5.9.1 | |
| McAfee ePolicy Orchestrator | =5.10.0 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
| openSUSE Leap | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190110
- https://www.ibm.com/support/pages/node/6465127 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html
- https://security.gentoo.org/glsa/202101-19
- https://security.netapp.com/advisory/ntap-20201023-0004/
- https://www.debian.org/security/2020/dsa-4779
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:4306
- https://access.redhat.com/errata/RHSA-2020:4305
- https://access.redhat.com/security/cve/cve-2020-14792
- https://access.redhat.com/errata/RHSA-2020:4307
- https://access.redhat.com/errata/RHSA-2020:4316
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/ed3959f95671
- http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/824065fb8b18
- https://access.redhat.com/errata/RHSA-2020:4349
- https://access.redhat.com/errata/RHSA-2020:4347
- https://access.redhat.com/errata/RHSA-2020:4352
- https://access.redhat.com/errata/RHSA-2020:4348
- https://access.redhat.com/errata/RHSA-2020:4350
- https://bugzilla.redhat.com/show_bug.cgi?id=1889280
- https://www.cve.org/CVERecord?id=CVE-2020-14792 https://nvd.nist.gov/vuln/detail/CVE-2020-14792
- https://security-tracker.debian.org/tracker/CVE-2020-14792
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this Java SE vulnerability?
The vulnerability ID for this Java SE vulnerability is CVE-2020-14792.
Which versions of Java SE are affected by this vulnerability?
The affected versions of Java SE are 7u271, 8u261, 11.0.8, and 15.
Is the vulnerability difficult to exploit?
Yes, the vulnerability is difficult to exploit.
Can an attacker exploit this vulnerability without authentication?
Yes, an unauthenticated attacker with network access can exploit this vulnerability.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [Oracle Security Alert](https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA) and [Red Hat Security Advisory 2020:4306](https://access.redhat.com/errata/RHSA-2020:4306).
- collector/redhat-cve
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14792
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- package-manager/debian
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update271
- version/oracle jdk/1.8.0-update261
- version/oracle jdk/11.0.8
- version/oracle jdk/15
- canonical/oracle jre
- version/oracle jre/1.8.0-update261
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager windows
- version/netapp active iq unified manager windows/7.3
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.1
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services proxy
- canonical/netapp hci management node
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager
- canonical/netapp santricity cloud connector
- canonical/netapp santricity unified manager
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- canonical/netapp solidfire
- canonical/netapp hci storage node
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/5.9.0
- version/mcafee epolicy orchestrator/5.9.1
- version/mcafee epolicy orchestrator/5.10.0
- version/mcafee epolicy orchestrator/5.10.0-update_1
- version/mcafee epolicy orchestrator/5.10.0-update_2
- version/mcafee epolicy orchestrator/5.10.0-update_3
- version/mcafee epolicy orchestrator/5.10.0-update_4
- version/mcafee epolicy orchestrator/5.10.0-update_5
- version/mcafee epolicy orchestrator/5.10.0-update_6
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.2
- vendor/ibm
- canonical/ibm cloud pak for automation
- version/ibm cloud pak for automation/20.0.3-if002
- version/ibm cloud pak for automation/21.0.1