First published: Tue Dec 06 2022
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP and BIG-IQ Centralized Management | >=17.0.0, <=17.1.1 | |
F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0, <=16.1.4 | |
F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0, <=15.1.10 | |
F5 BIG-IP and BIG-IQ Centralized Management | >=14.1.0, <=14.1.5 | |
F5 BIG-IP and BIG-IQ Centralized Management | >=13.1.0, <=13.1.5 | |
F5 BIG-IP and BIG-IQ Centralized Management | >=8.0.0, <=8.4.0 | |
F5 BIG-IP and BIG-IQ Centralized Management | =7.1.0 | |
F5 Traffix Systems Signaling Delivery Controller | =5.1.0 | 5.2.0 |
The severity of F5-K35253541 is considered critical due to the ease of exploitation by unauthenticated attackers.
To fix F5-K35253541, upgrade to the latest supported version of the affected F5 BIG-IP or BIG-IQ systems.
F5-K35253541 affects multiple F5 products including specific versions of BIG-IP and BIG-IQ from versions 13.1.0 to 17.1.1.
F5-K35253541 impacts F5 BIG-IP, BIG-IQ, and Traffix SDC products that fall within specified version ranges.
No, F5-K35253541 can be exploited by an unauthenticated attacker with network access, making it particularly dangerous.