First published: Tue Apr 14 2020
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <11-openjdk-1:11.0.7.10-4.el7_8 | 11-openjdk-1:11.0.7.10-4.el7_8 |
redhat/java | <11-openjdk-1:11.0.7.10-1.el8_1 | 11-openjdk-1:11.0.7.10-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.7.10-1.el8_0 | 11-openjdk-1:11.0.7.10-1.el8_0 |
ubuntu/openjdk-14 | <14.0.1+7-1ubuntu1 | 14.0.1+7-1ubuntu1 |
ubuntu/openjdk-14 | <14.0.1+7-1 | 14.0.1+7-1 |
ubuntu/openjdk-lts | <11.0.7+10-2ubuntu2~18.04 | 11.0.7+10-2ubuntu2~18.04 |
ubuntu/openjdk-lts | <11.0.7+10-2ubuntu2~19.10 | 11.0.7+10-2ubuntu2~19.10 |
ubuntu/openjdk-lts | <11.0.7+10-2ubuntu1 | 11.0.7+10-2ubuntu1 |
ubuntu/openjdk-lts | <11.0.7+10-1 | 11.0.7+10-1 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.22+7-1~deb10u1 11.0.22+7-1~deb11u1 11.0.23+9-1 | |
Oracle JDK | =11.0.6 | |
Oracle JDK | =14.0.0 | |
Oracle JRE | =11.0.6 | |
Oracle JRE | =14.0.0 | |
Oracle OpenJDK | >=11<=11.0.6 | |
Oracle OpenJDK | >=13<=13.0.2 | |
Oracle OpenJDK | =7 | |
Oracle OpenJDK | =7-update1 | |
Oracle OpenJDK | =7-update10 | |
Oracle OpenJDK | =7-update101 | |
Oracle OpenJDK | =7-update11 | |
Oracle OpenJDK | =7-update111 | |
Oracle OpenJDK | =7-update121 | |
Oracle OpenJDK | =7-update13 | |
Oracle OpenJDK | =7-update131 | |
Oracle OpenJDK | =7-update141 | |
Oracle OpenJDK | =7-update15 | |
Oracle OpenJDK | =7-update151 | |
Oracle OpenJDK | =7-update161 | |
Oracle OpenJDK | =7-update17 | |
Oracle OpenJDK | =7-update171 | |
Oracle OpenJDK | =7-update181 | |
Oracle OpenJDK | =7-update191 | |
Oracle OpenJDK | =7-update2 | |
Oracle OpenJDK | =7-update201 | |
Oracle OpenJDK | =7-update21 | |
Oracle OpenJDK | =7-update211 | |
Oracle OpenJDK | =7-update221 | |
Oracle OpenJDK | =7-update231 | |
Oracle OpenJDK | =7-update241 | |
Oracle OpenJDK | =7-update25 | |
Oracle OpenJDK | =7-update251 | |
Oracle OpenJDK | =7-update3 | |
Oracle OpenJDK | =7-update4 | |
Oracle OpenJDK | =7-update40 | |
Oracle OpenJDK | =7-update45 | |
Oracle OpenJDK | =7-update5 | |
Oracle OpenJDK | =7-update51 | |
Oracle OpenJDK | =7-update55 | |
Oracle OpenJDK | =7-update6 | |
Oracle OpenJDK | =7-update60 | |
Oracle OpenJDK | =7-update65 | |
Oracle OpenJDK | =7-update67 | |
Oracle OpenJDK | =7-update7 | |
Oracle OpenJDK | =7-update72 | |
Oracle OpenJDK | =7-update76 | |
Oracle OpenJDK | =7-update80 | |
Oracle OpenJDK | =7-update85 | |
Oracle OpenJDK | =7-update9 | |
Oracle OpenJDK | =7-update91 | |
Oracle OpenJDK | =7-update95 | |
Oracle OpenJDK | =7-update97 | |
Oracle OpenJDK | =7-update99 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-update101 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update11 | |
Oracle OpenJDK | =8-update111 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update121 | |
Oracle OpenJDK | =8-update131 | |
Oracle OpenJDK | =8-update141 | |
Oracle OpenJDK | =8-update151 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update161 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update171 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update181 | |
Oracle OpenJDK | =8-update191 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update201 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update211 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update221 | |
Oracle OpenJDK | =8-update231 | |
Oracle OpenJDK | =8-update241 | |
Oracle OpenJDK | =8-update25 | |
Oracle OpenJDK | =8-update31 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update45 | |
Oracle OpenJDK | =8-update5 | |
Oracle OpenJDK | =8-update51 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update65 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update71 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update73 | |
Oracle OpenJDK | =8-update74 | |
Oracle OpenJDK | =8-update77 | |
Oracle OpenJDK | =8-update91 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =14 | |
NetApp 7-Mode Transition Tool | | |
Netapp Active Iq Unified Manager Windows | >=7.3 | |
Netapp Active Iq Unified Manager Vsphere | >=9.5 | |
Netapp Cloud Backup | | |
Netapp E-series Performance Analyzer | | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.1 | |
Netapp E-series Santricity Web Services Web Services Proxy | | |
NetApp OnCommand Insight | | |
NetApp OnCommand Workflow Automation | | |
Netapp Plug-in For Symantec Netbackup | | |
Netapp Santricity Unified Manager | | |
Netapp Snapmanager Sap | | |
Netapp Snapmanager Oracle | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Storagegrid | >=9.0.0<=9.0.4 | |
Netapp Storagegrid | | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Debian Debian Linux | =10.0 | |
openSUSE Leap | =15.1 | |