CVE-2020-2585
First published: Wed Jan 15 2020(Updated: )
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK | =1.8.0-update231 | |
| Oracle JRE | =1.8.0-update231 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Active Iq Unified Manager Windows | ||
| Netapp Cloud Backup | ||
| Netapp E-series Performance Analyzer | ||
| Netapp E-series Santricity Management Plug-ins Vmware Vcenter | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.2 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services Web Services Proxy | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Plug-in For Symantec Netbackup | ||
| Netapp Santricity Unified Manager | ||
| Netapp Steelstore Cloud Integrated Storage |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Java SE vulnerability?
The vulnerability ID for this Java SE vulnerability is CVE-2020-2585.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Oracle Java SE 8u231, Oracle JDK 1.8.0-update231, and Oracle JRE 1.8.0-update231.
What is the severity level of CVE-2020-2585?
The severity level of CVE-2020-2585 is medium with a CVSS score of 5.9.
How can an attacker exploit this vulnerability?
An unauthenticated attacker with network access can exploit this vulnerability via multiple protocols to compromise Java SE.
Where can I find more information about CVE-2020-2585?
You can find more information about CVE-2020-2585 at the following references: [link1], [link2], [link3].
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.8.0-update231
- canonical/oracle jre
- version/oracle jre/1.8.0-update231
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp cloud backup
- canonical/netapp e-series performance analyzer
- canonical/netapp e-series santricity management plug-ins vmware vcenter
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.70.2
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services web services proxy
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp plug-in for symantec netbackup
- canonical/netapp santricity unified manager
- canonical/netapp steelstore cloud integrated storage