First published: Mon Oct 19 2020(Updated: )
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el7_9 | 11-openjdk-1:11.0.9.11-0.el7_9 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_2 | 11-openjdk-1:11.0.9.11-0.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_0 | 11-openjdk-1:11.0.9.11-0.el8_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_1 | 11-openjdk-1:11.0.9.11-0.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
debian/openjdk-8 | 8u382-ga-2 | |
IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
IBM Cloud Pak for Automation | <=21.0.1 | |
Oracle Java SE 7 | =1.7.0-update271 | |
Oracle Java SE 7 | =1.8.0-update261 | |
Oracle Java SE 7 | =11.0.8 | |
Oracle Java SE 7 | =15 | |
Oracle JRE | =1.8.0-update261 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
NetApp 7-Mode Transition Tool | ||
NetApp Active IQ Unified Manager | >=7.3 | |
NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
NetApp SANtricity Storage Manager | ||
NetApp E-Series SANtricity Web Services | ||
NetApp SolidFire & HCI Management Node | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Unified Manager for Windows | ||
NetApp SANtricity Cloud Connector | ||
NetApp E-Series SANtricity Unified Manager | ||
NetApp SnapManager for Oracle | ||
NetApp SnapManager for SAP | ||
NetApp SolidFire & HCI Storage Node | ||
NetApp HCI Storage Nodes | ||
McAfee ePolicy Orchestrator | =5.9.0 | |
McAfee ePolicy Orchestrator | =5.9.1 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
SUSE Linux | =15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID for this Java SE vulnerability is CVE-2020-14792.
The affected versions of Java SE are 7u271, 8u261, 11.0.8, and 15.
Yes, the vulnerability is difficult to exploit.
Yes, an unauthenticated attacker with network access can exploit this vulnerability.
The severity level of this vulnerability is medium.
You can find more information about this vulnerability at the following references: [Oracle Security Alert](https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA) and [Red Hat Security Advisory 2020:4306](https://access.redhat.com/errata/RHSA-2020:4306).