CVE-2020-14803

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected Software

Name	Vendor	Start Version	End Version
Graalvm	Oracle	19.3.3 (including)	19.3.3 (including)
Graalvm	Oracle	19.3.4 (including)	19.3.4 (including)
Graalvm	Oracle	20.2.0 (including)	20.2.0 (including)
Graalvm	Oracle	20.3.0 (including)	20.3.0 (including)
Jdk	Oracle	7.0-update_281 (including)	7.0-update_281 (including)
Jdk	Oracle	8.0-update_271 (including)	8.0-update_271 (including)
Jdk	Oracle	11.0.8 (including)	11.0.8 (including)
Jdk	Oracle	15.0 (including)	15.0 (including)
Jre	Oracle	7.0-update_281 (including)	7.0-update_281 (including)
Jre	Oracle	8.0-update_271 (including)	8.0-update_271 (including)
Jre	Oracle	11.0.8 (including)	11.0.8 (including)
Jre	Oracle	15.0 (including)	15.0 (including)
Red Hat Enterprise Linux 6	RedHat	java-1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10	*
Red Hat Enterprise Linux 7	RedHat	java-11-openjdk-1:11.0.9.11-0.el7_9	*
Red Hat Enterprise Linux 7	RedHat	java-1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9	*
Red Hat Enterprise Linux 7 Supplementary	RedHat	java-1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7	*
Red Hat Enterprise Linux 7 Supplementary	RedHat	java-1.7.1-ibm-1:1.7.1.4.80-1jpp.1.el7	*
Red Hat Enterprise Linux 8	RedHat	java-11-openjdk-1:11.0.9.11-0.el8_2	*
Red Hat Enterprise Linux 8	RedHat	java-1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2	*
Red Hat Enterprise Linux 8	RedHat	java-1.8.0-ibm-1:1.8.0.6.25-2.el8_3	*
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	RedHat	java-11-openjdk-1:11.0.9.11-0.el8_0	*
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	RedHat	java-1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0	*
Red Hat Enterprise Linux 8.1 Extended Update Support	RedHat	java-11-openjdk-1:11.0.9.11-0.el8_1	*
Red Hat Enterprise Linux 8.1 Extended Update Support	RedHat	java-1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1	*
Icedtea-web	Ubuntu	bionic	*
Icedtea-web	Ubuntu	groovy	*
Icedtea-web	Ubuntu	hirsute	*
Icedtea-web	Ubuntu	impish	*
Icedtea-web	Ubuntu	kinetic	*
Icedtea-web	Ubuntu	lunar	*
Icedtea-web	Ubuntu	mantic	*
Icedtea-web	Ubuntu	trusty	*
Icedtea-web	Ubuntu	xenial	*
Openjdk-13	Ubuntu	esm-apps/focal	*
Openjdk-13	Ubuntu	focal	*
Openjdk-13	Ubuntu	groovy	*
Openjdk-15	Ubuntu	groovy	*
Openjdk-15	Ubuntu	hirsute	*
Openjdk-8	Ubuntu	bionic	*
Openjdk-8	Ubuntu	focal	*
Openjdk-8	Ubuntu	groovy	*
Openjdk-8	Ubuntu	hirsute	*
Openjdk-8	Ubuntu	impish	*
Openjdk-8	Ubuntu	xenial	*
Openjdk-9	Ubuntu	esm-apps/xenial	*
Openjdk-9	Ubuntu	xenial	*
Openjdk-lts	Ubuntu	bionic	*
Openjdk-lts	Ubuntu	devel	*
Openjdk-lts	Ubuntu	focal	*
Openjdk-lts	Ubuntu	groovy	*
Openjdk-lts	Ubuntu	hirsute	*
Openjdk-lts	Ubuntu	impish	*
Openjdk-lts	Ubuntu	jammy	*
Openjdk-lts	Ubuntu	kinetic	*
Openjdk-lts	Ubuntu	lunar	*
Openjdk-lts	Ubuntu	mantic	*
Openjdk-lts	Ubuntu	noble	*
Openjdk-lts	Ubuntu	oracular	*
Openjdk-lts	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-14803
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References