CVE-2020-14798
First published: Wed Oct 21 2020(Updated: )
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
| debian/openjdk-8 | 8u382-ga-2 | |
| IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
| IBM Cloud Pak for Automation | <=21.0.1 | |
| Oracle JDK | =1.7.0-update271 | |
| Oracle JDK | =1.8.0-update261 | |
| Oracle JDK | =11.0.8 | |
| Oracle JDK | =15 | |
| Oracle JRE | =1.8.0-update261 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Active Iq Unified Manager Windows | >=7.3 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services Proxy | ||
| Netapp Hci Management Node | ||
| NetApp OnCommand Insight | ||
| Netapp Oncommand Unified Manager | ||
| Netapp Santricity Cloud Connector | ||
| Netapp Santricity Unified Manager | ||
| Netapp Snapmanager Oracle | ||
| Netapp Snapmanager Sap | ||
| Netapp Solidfire | ||
| Netapp Hci Storage Node | ||
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2020-14798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190116
- https://www.ibm.com/support/pages/node/6465127 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html
- https://security.gentoo.org/glsa/202101-19
- https://security.netapp.com/advisory/ntap-20201023-0004/
- https://www.debian.org/security/2020/dsa-4779
- https://www.oracle.com/security-alerts/cpuoct2020.html
Frequently Asked Questions
What is CVE-2020-14798?
CVE-2020-14798 is an unspecified vulnerability in Java SE related to the Libraries component that could allow an unauthenticated attacker with network access.
Which versions of Java SE are affected by CVE-2020-14798?
Java SE 7u271, 8u261, 11.0.8, and 15 are the affected versions.
How can CVE-2020-14798 be exploited?
CVE-2020-14798 is a difficult-to-exploit vulnerability and requires network access.
What is the severity of CVE-2020-14798?
CVE-2020-14798 has a severity rating of 3.1 (low).
Is there a fix available for CVE-2020-14798?
Yes, there are specific versions of the affected software that have fixes available. Please refer to the vendor's official websites for the appropriate patches or updates.
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update271
- version/oracle jdk/1.8.0-update261
- version/oracle jdk/11.0.8
- version/oracle jdk/15
- canonical/oracle jre
- version/oracle jre/1.8.0-update261
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager windows
- version/netapp active iq unified manager windows/7.3
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.1
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services proxy
- canonical/netapp hci management node
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager
- canonical/netapp santricity cloud connector
- canonical/netapp santricity unified manager
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- canonical/netapp solidfire
- canonical/netapp hci storage node
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.2
- vendor/ibm
- canonical/ibm cloud pak for automation
- version/ibm cloud pak for automation/20.0.3-if002
- version/ibm cloud pak for automation/21.0.1