{"id":"CVE-2020-14577","details":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","aliases":["BIT-java-2020-14577","BIT-java-min-2020-14577","BIT-jre-2020-14577"],"modified":"2026-05-15T12:03:59.486648955Z","published":"2020-07-15T18:15:23.753Z","related":["CGA-3vwx-2xqx-mv69","SUSE-SU-2020:14482-1","SUSE-SU-2020:14484-1","SUSE-SU-2020:2008-1","SUSE-SU-2020:2143-1","SUSE-SU-2020:2453-1","SUSE-SU-2020:2461-1","SUSE-SU-2020:2482-1","SUSE-SU-2020:2861-1","SUSE-SU-2020:3191-1","SUSE-SU-2020:3460-1","openSUSE-SU-2020:1175-1","openSUSE-SU-2020:1191-1","openSUSE-SU-2020:1893-1","openSUSE-SU-2020:2048-1","openSUSE-SU-2020:2083-1","openSUSE-SU-2024:10871-1","openSUSE-SU-2024:10872-1","openSUSE-SU-2024:10873-1","openSUSE-SU-2024:10876-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"],"extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"20.04"}],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"},{"cpes":["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"},{"last_affected":"11.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"},{"cpes":["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"31"},{"last_affected":"32"}],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*","cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"],"extracted_events":[{"introduced":"7.3"},{"introduced":"9.5"}],"source":"CPE_FIELD","vendor_product":"netapp:active_iq_unified_manager"},{"cpes":["cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"11.0.0"},{"last_affected":"11.70.2"}],"source":"CPE_FIELD","vendor_product":"netapp:e-series_santricity_os_controller"},{"cpes":["cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"9.0.0"},{"last_affected":"9.0.4"}],"source":"CPE_FIELD","vendor_product":"netapp:storagegrid"},{"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"15.1"},{"last_affected":"15.2"}],"source":"CPE_FIELD","vendor_product":"opensuse:leap"},{"cpes":["cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.7.0-update261"},{"last_affected":"1.8.0-update251"},{"last_affected":"11.0.7"},{"last_affected":"14.0.1"}],"source":"CPE_FIELD","vendor_product":"oracle:jdk"},{"cpes":["cpe:2.3:a:oracle:jre:1.7.0:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:11.0.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:14.0.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.7.0-update261"},{"last_affected":"1.8.0-update251"},{"last_affected":"11.0.7"},{"last_affected":"14.0.1"}],"source":"CPE_FIELD","vendor_product":"oracle:jre"},{"cpes":["cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7-NA"},{"last_affected":"7-NA"},{"last_affected":"7-NA"},{"last_affected":"7-update1"},{"last_affected":"7-update1"},{"last_affected":"7-update1"},{"last_affected":"7-update10"},{"last_affected":"7-update10"},{"last_affected":"7-update10"},{"last_affected":"7-update11"},{"last_affected":"7-update11"},{"last_affected":"7-update11"},{"last_affected":"7-update13"},{"last_affected":"7-update13"},{"last_affected":"7-update13"},{"last_affected":"7-update15"},{"last_affected":"7-update15"},{"last_affected":"7-update15"},{"last_affected":"7-update151"},{"last_affected":"7-update151"},{"last_affected":"7-update151"},{"last_affected":"7-update161"},{"last_affected":"7-update161"},{"last_affected":"7-update161"},{"last_affected":"7-update17"},{"last_affected":"7-update17"},{"last_affected":"7-update17"},{"last_affected":"7-update171"},{"last_affected":"7-update171"},{"last_affected":"7-update171"},{"last_affected":"7-update181"},{"last_affected":"7-update181"},{"last_affected":"7-update181"},{"last_affected":"7-update191"},{"last_affected":"7-update191"},{"last_affected":"7-update191"},{"last_affected":"7-update2"},{"last_affected":"7-update2"},{"last_affected":"7-update2"},{"last_affected":"7-update201"},{"last_affected":"7-update201"},{"last_affected":"7-update201"},{"last_affected":"7-update21"},{"last_affected":"7-update21"},{"last_affected":"7-update21"},{"last_affected":"7-update211"},{"last_affected":"7-update211"},{"last_affected":"7-update211"},{"last_affected":"7-update221"},{"last_affected":"7-update221"},{"last_affected":"7-update221"},{"last_affected":"7-update231"},{"last_affected":"7-update231"},{"last_affected":"7-update231"},{"last_affected":"7-update241"},{"last_affected":"7-update241"},{"last_affected":"7-update241"},{"last_affected":"7-update251"},{"last_affected":"7-update251"},{"last_affected":"7-update251"},{"last_affected":"7-update261"},{"last_affected":"7-update261"},{"last_affected":"7-update261"},{"last_affected":"8-NA"},{"last_affected":"8-NA"},{"last_affected":"8-NA"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone9"},{"last_affected":"8-milestone9"},{"last_affected":"8-milestone9"},{"last_affected":"8-update141"},{"last_affected":"8-update141"},{"last_affected":"8-update141"},{"last_affected":"8-update151"},{"last_affected":"8-update151"},{"last_affected":"8-update151"},{"last_affected":"8-update152"},{"last_affected":"8-update152"},{"last_affected":"8-update152"},{"last_affected":"8-update161"},{"last_affected":"8-update161"},{"last_affected":"8-update161"},{"last_affected":"8-update162"},{"last_affected":"8-update162"},{"last_affected":"8-update162"},{"last_affected":"8-update171"},{"last_affected":"8-update171"},{"last_affected":"8-update171"},{"last_affected":"8-update172"},{"last_affected":"8-update172"},{"last_affected":"8-update172"},{"last_affected":"8-update181"},{"last_affected":"8-update181"},{"last_affected":"8-update181"},{"last_affected":"8-update191"},{"last_affected":"8-update191"},{"last_affected":"8-update191"},{"last_affected":"8-update192"},{"last_affected":"8-update192"},{"last_affected":"8-update192"},{"last_affected":"8-update201"},{"last_affected":"8-update201"},{"last_affected":"8-update201"},{"last_affected":"8-update202"},{"last_affected":"8-update202"},{"last_affected":"8-update202"},{"last_affected":"8-update211"},{"last_affected":"8-update211"},{"last_affected":"8-update211"},{"last_affected":"8-update212"},{"last_affected":"8-update212"},{"last_affected":"8-update212"},{"last_affected":"8-update221"},{"last_affected":"8-update221"},{"last_affected":"8-update221"},{"last_affected":"8-update222"},{"last_affected":"8-update222"},{"last_affected":"8-update222"},{"last_affected":"8-update231"},{"last_affected":"8-update231"},{"last_affected":"8-update231"},{"last_affected":"8-update232"},{"last_affected":"8-update232"},{"last_affected":"8-update232"},{"last_affected":"8-update241"},{"last_affected":"8-update241"},{"last_affected":"8-update241"},{"last_affected":"8-update242"},{"last_affected":"8-update242"},{"last_affected":"8-update242"},{"last_affected":"8-update252"},{"last_affected":"8-update252"},{"last_affected":"8-update252"},{"last_affected":"11.0.1"},{"last_affected":"11.0.1"},{"last_affected":"11.0.1"},{"last_affected":"11.0.2"},{"last_affected":"11.0.2"},{"last_affected":"11.0.2"},{"last_affected":"11.0.3"},{"last_affected":"11.0.3"},{"last_affected":"11.0.3"},{"last_affected":"11.0.4"},{"last_affected":"11.0.4"},{"last_affected":"11.0.4"},{"last_affected":"11.0.5"},{"last_affected":"11.0.5"},{"last_affected":"11.0.5"},{"last_affected":"11.0.6"},{"last_affected":"11.0.6"},{"last_affected":"11.0.6"},{"last_affected":"11.0.7"},{"last_affected":"11.0.7"},{"last_affected":"11.0.7"},{"last_affected":"13.0.1"},{"last_affected":"13.0.1"},{"last_affected":"13.0.1"},{"last_affected":"13.0.2"},{"last_affected":"13.0.2"},{"last_affected":"13.0.2"},{"last_affected":"13.0.3"},{"last_affected":"13.0.3"},{"last_affected":"13.0.3"}],"source":"CPE_FIELD","vendor_product":"oracle:openjdk"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-15"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200717-0005/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4433-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4453-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4734"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2020.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}