CVE-2020-2604

HIGHScheduled

Published:Jan 15, 2020(6 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth RequiredNo Interaction

Vulnerability Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
oracle	commerce_experience_manager	-	-
oracle	commerce_guided_search	-

Timeline

Published
CVE disclosed publicly
Jan 15, 20206 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050....Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060....Mailing List
https://access.redhat.com/errata/RHSA-2020:0122Third Party Advisory

CVSS Score

v3.1

8.1/ 10.0

HIGH

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

At a Glance

Affected Products

References

oracle / commerce_experience_manager

https://access.redhat.com/errata/RHSA-2020:0128Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0196Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0202Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0231Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0232Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0465Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0467Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0468Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0469Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0470Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0541Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0632Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10315Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/02/msg00034.htmlMailing List

https://seclists.org/bugtraq/2020/Feb/22Issue Tracking

https://security.gentoo.org/glsa/202101-19Third Party Advisory

https://security.netapp.com/advisory/ntap-20200122-0003/Third Party Advisory

https://usn.ubuntu.com/4257-1/Third Party Advisory

https://www.debian.org/security/2020/dsa-4621Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.htmlPatch

https://www.oracle.com/security-alerts/cpujul2021.htmlPatch

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060....Mailing List

https://access.redhat.com/errata/RHSA-2020:0122Third Party Advisory