First published: Tue Oct 20 2020(Updated: )
An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el7_9 | 11-openjdk-1:11.0.9.11-0.el7_9 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7 |
redhat/java | <1.7.1-ibm-1:1.7.1.4.80-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.80-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_2 | 11-openjdk-1:11.0.9.11-0.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 | 1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2 |
redhat/java | <1.8.0-ibm-1:1.8.0.6.25-2.el8_3 | 1.8.0-ibm-1:1.8.0.6.25-2.el8_3 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_0 | 11-openjdk-1:11.0.9.11-0.el8_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0 |
redhat/java | <11-openjdk-1:11.0.9.11-0.el8_1 | 11-openjdk-1:11.0.9.11-0.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 | 1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
debian/openjdk-8 | 8u382-ga-2 | |
IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
IBM Cloud Pak for Automation | <=21.0.1 | |
Oracle GraalVM Enterprise Edition | =19.3.3 | |
Oracle GraalVM Enterprise Edition | =19.3.4 | |
Oracle GraalVM Enterprise Edition | =20.2.0 | |
Oracle GraalVM Enterprise Edition | =20.3.0 | |
Oracle JDK 6 | =7.0-update_281 | |
Oracle JDK 6 | =8.0-update_271 | |
Oracle JDK 6 | =11.0.8 | |
Oracle JDK 6 | =15.0 | |
Oracle JRE | =7.0-update_281 | |
Oracle JRE | =8.0-update_271 | |
Oracle JRE | =11.0.8 | |
Oracle JRE | =15.0 | |
NetApp 7-Mode Transition Tool | ||
netapp active iq unified manager windows | >=7.3 | |
NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
netapp e-series santricity storage manager | ||
netapp e-series santricity Web services proxy | ||
netapp hci management node | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Unified Manager for Windows | ||
NetApp SANtricity Cloud Connector | ||
netapp santricity unified manager | ||
netapp snapmanager Oracle | ||
netapp snapmanager sap | ||
netapp solidfire | ||
netapp hci storage node | ||
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
openSUSE Leap | =15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-14803 is an unspecified vulnerability in Java SE that could allow an unauthenticated attacker to obtain sensitive information.
Java SE versions 11.0.8 and 15 are affected by CVE-2020-14803.
An unauthenticated attacker with network access via multiple protocols can compromise Java SE by exploiting CVE-2020-14803.
CVE-2020-14803 has a severity of 5.3 (medium).
You can find more information about CVE-2020-14803 and its patches on Oracle's security alerts page (https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA) and Red Hat's errata pages (https://access.redhat.com/errata/RHSA-2020:4306, https://access.redhat.com/errata/RHSA-2020:4305).