CVE-2020-14798
First published: Wed Oct 21 2020(Updated: )
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
| debian/openjdk-8 | 8u382-ga-2 | |
| IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
| IBM Cloud Pak for Automation | <=21.0.1 | |
| Oracle Java SE 7 | =1.7.0-update271 | |
| Oracle Java SE 7 | =1.8.0-update261 | |
| Oracle Java SE 7 | =11.0.8 | |
| Oracle Java SE 7 | =15 | |
| Oracle JRE | =1.8.0-update261 | |
| NetApp 7-Mode Transition Tool | ||
| NetApp Active IQ Unified Manager | >=7.3 | |
| NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
| NetApp SANtricity Storage Manager | ||
| NetApp E-Series SANtricity Web Services | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Unified Manager for Windows | ||
| NetApp SANtricity Cloud Connector | ||
| NetApp E-Series SANtricity Unified Manager | ||
| NetApp SnapManager for Oracle | ||
| NetApp SnapManager for SAP | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp HCI Storage Nodes | ||
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| SUSE Linux | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-14798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190116
- https://www.ibm.com/support/pages/node/6465127 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html
- https://security.gentoo.org/glsa/202101-19
- https://security.netapp.com/advisory/ntap-20201023-0004/
- https://www.debian.org/security/2020/dsa-4779
- https://www.oracle.com/security-alerts/cpuoct2020.html
Frequently Asked Questions
What is CVE-2020-14798?
CVE-2020-14798 is an unspecified vulnerability in Java SE related to the Libraries component that could allow an unauthenticated attacker with network access.
Which versions of Java SE are affected by CVE-2020-14798?
Java SE 7u271, 8u261, 11.0.8, and 15 are the affected versions.
How can CVE-2020-14798 be exploited?
CVE-2020-14798 is a difficult-to-exploit vulnerability and requires network access.
What is the severity of CVE-2020-14798?
CVE-2020-14798 has a severity rating of 3.1 (low).
Is there a fix available for CVE-2020-14798?
Yes, there are specific versions of the affected software that have fixes available. Please refer to the vendor's official websites for the appropriate patches or updates.
- collector/security-tracker-debian
- agent/type
- agent/author
- agent/references
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/ibm
- canonical/ibm cloud pak for automation
- version/ibm cloud pak for automation/20.0.3-if002
- version/ibm cloud pak for automation/21.0.1
- vendor/oracle
- canonical/oracle java se 7
- version/oracle java se 7/1.7.0-update271
- version/oracle java se 7/1.8.0-update261
- version/oracle java se 7/11.0.8
- version/oracle java se 7/15
- canonical/oracle jre
- version/oracle jre/1.8.0-update261
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager
- version/netapp active iq unified manager/7.3
- canonical/netapp active iq unified manager for vmware vsphere
- version/netapp active iq unified manager for vmware vsphere/9.5
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.1
- canonical/netapp santricity storage manager
- canonical/netapp e-series santricity web services
- canonical/netapp solidfire & hci management node
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager for windows
- canonical/netapp santricity cloud connector
- canonical/netapp e-series santricity unified manager
- canonical/netapp snapmanager for oracle
- canonical/netapp snapmanager for sap
- canonical/netapp solidfire & hci storage node
- canonical/netapp hci storage nodes
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.2