CVE-2020-2601

MEDIUMMonitor

Published:Jan 15, 2020(6 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth RequiredNo InteractionScope Changes

Vulnerability Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
oracle	jdk	-	-
oracle	jdk	-	-

Timeline

Published
CVE disclosed publicly
Jan 15, 20206 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050....Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060....Mailing List
https://access.redhat.com/errata/RHSA-2020:0122Third Party Advisory

CVSS Score

v3.1

6.8/ 10.0

MEDIUM

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

At a Glance

Affected Products

References

oracle / jdk

https://access.redhat.com/errata/RHSA-2020:0128Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0157Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0196Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0202Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0231Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0232Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0541Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0632Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/02/msg00034.htmlMailing List

https://seclists.org/bugtraq/2020/Feb/22Issue Tracking

https://seclists.org/bugtraq/2020/Jan/24Issue Tracking

https://security.gentoo.org/glsa/202101-19Third Party Advisory

https://security.netapp.com/advisory/ntap-20200122-0003/Third Party Advisory

https://usn.ubuntu.com/4257-1/Third Party Advisory

https://www.debian.org/security/2020/dsa-4605Third Party Advisory

https://www.debian.org/security/2020/dsa-4621Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.htmlPatch

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060....Mailing List

https://access.redhat.com/errata/RHSA-2020:0122Third Party Advisory