CVE-2020-2654

LOWMonitor

Published:Jan 15, 2020(6 years ago)

Modified:Nov 21, 2024

Remote ExploitNo Auth RequiredNo Interaction

Vulnerability Description

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
oracle	jdk	-	-
oracle	jdk	-	-

Timeline

Published
CVE disclosed publicly
Jan 15, 20206 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://access.redhat.com/errata/RHSA-2020:0632Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10315Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00034.htmlMailing List

CVSS Score

v3.1

3.7/ 10.0

LOW

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

At a Glance

Affected Products

References

oracle / jdk +74 more

https://seclists.org/bugtraq/2020/Feb/22Issue Tracking

https://seclists.org/bugtraq/2020/Jan/24Issue Tracking

https://security.gentoo.org/glsa/202101-19Third Party Advisory

https://security.netapp.com/advisory/ntap-20200122-0003/Third Party Advisory

https://usn.ubuntu.com/4257-1/Third Party Advisory

https://www.debian.org/security/2020/dsa-4605Third Party Advisory

https://www.debian.org/security/2020/dsa-4621Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.htmlPatch

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050....Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060....Mailing List

https://access.redhat.com/errata/RHSA-2020:0122Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0128Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0157Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0196Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0202Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0231Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0232Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0541Third Party Advisory