{"id":"CVE-2020-14798","details":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).","aliases":["BIT-java-2020-14798","BIT-java-min-2020-14798","BIT-jre-2020-14798"],"modified":"2026-05-15T12:04:04.664397280Z","published":"2020-10-21T15:15:19.780Z","related":["CGA-jwg5-fq25-r24m","SUSE-SU-2020:14587-1","SUSE-SU-2020:14588-1","SUSE-SU-2020:3159-1","SUSE-SU-2020:3191-1","SUSE-SU-2020:3310-1","SUSE-SU-2020:3359-1","SUSE-SU-2020:3460-1","SUSE-SU-2020:3932-1","SUSE-SU-2021:0019-1","SUSE-SU-2021:0032-1","openSUSE-SU-2020:1893-1","openSUSE-SU-2020:1984-1","openSUSE-SU-2020:1994-1","openSUSE-SU-2020:2048-1","openSUSE-SU-2020:2083-1","openSUSE-SU-2024:10871-1","openSUSE-SU-2024:10872-1","openSUSE-SU-2024:10873-1","openSUSE-SU-2024:10876-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}],"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"],"extracted_events":[{"introduced":"7.3"},{"introduced":"9.5"}],"vendor_product":"netapp:active_iq_unified_manager","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"11.0.0"},{"last_affected":"11.60.1"}],"vendor_product":"netapp:e-series_santricity_os_controller","source":"CPE_FIELD"},{"cpes":["cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"15.2"}],"vendor_product":"opensuse:leap","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.7.0-update271"},{"last_affected":"1.8.0-update261"},{"last_affected":"11.0.8"},{"last_affected":"15"}],"vendor_product":"oracle:jdk","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:oracle:jre:1.7.0:update271:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:11.0.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:15:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.7.0-update271"},{"last_affected":"1.8.0-update261"},{"last_affected":"11.0.8"},{"last_affected":"15"}],"vendor_product":"oracle:jre","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7-NA"},{"last_affected":"7-NA"},{"last_affected":"7-NA"},{"last_affected":"7-update1"},{"last_affected":"7-update1"},{"last_affected":"7-update1"},{"last_affected":"7-update10"},{"last_affected":"7-update10"},{"last_affected":"7-update10"},{"last_affected":"7-update11"},{"last_affected":"7-update11"},{"last_affected":"7-update11"},{"last_affected":"7-update13"},{"last_affected":"7-update13"},{"last_affected":"7-update13"},{"last_affected":"7-update15"},{"last_affected":"7-update15"},{"last_affected":"7-update15"},{"last_affected":"7-update151"},{"last_affected":"7-update151"},{"last_affected":"7-update151"},{"last_affected":"7-update161"},{"last_affected":"7-update161"},{"last_affected":"7-update161"},{"last_affected":"7-update17"},{"last_affected":"7-update17"},{"last_affected":"7-update17"},{"last_affected":"7-update171"},{"last_affected":"7-update171"},{"last_affected":"7-update171"},{"last_affected":"7-update181"},{"last_affected":"7-update181"},{"last_affected":"7-update181"},{"last_affected":"7-update191"},{"last_affected":"7-update191"},{"last_affected":"7-update191"},{"last_affected":"7-update2"},{"last_affected":"7-update2"},{"last_affected":"7-update2"},{"last_affected":"7-update201"},{"last_affected":"7-update201"},{"last_affected":"7-update201"},{"last_affected":"7-update21"},{"last_affected":"7-update21"},{"last_affected":"7-update21"},{"last_affected":"7-update211"},{"last_affected":"7-update211"},{"last_affected":"7-update211"},{"last_affected":"7-update221"},{"last_affected":"7-update221"},{"last_affected":"7-update221"},{"last_affected":"7-update231"},{"last_affected":"7-update231"},{"last_affected":"7-update231"},{"last_affected":"7-update241"},{"last_affected":"7-update241"},{"last_affected":"7-update241"},{"last_affected":"7-update251"},{"last_affected":"7-update251"},{"last_affected":"7-update251"},{"last_affected":"7-update261"},{"last_affected":"7-update261"},{"last_affected":"7-update261"},{"last_affected":"7-update271"},{"last_affected":"7-update271"},{"last_affected":"7-update271"},{"last_affected":"8-NA"},{"last_affected":"8-NA"},{"last_affected":"8-NA"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone9"},{"last_affected":"8-milestone9"},{"last_affected":"8-milestone9"},{"last_affected":"8-update141"},{"last_affected":"8-update141"},{"last_affected":"8-update141"},{"last_affected":"8-update151"},{"last_affected":"8-update151"},{"last_affected":"8-update151"},{"last_affected":"8-update152"},{"last_affected":"8-update152"},{"last_affected":"8-update152"},{"last_affected":"8-update161"},{"last_affected":"8-update161"},{"last_affected":"8-update161"},{"last_affected":"8-update162"},{"last_affected":"8-update162"},{"last_affected":"8-update162"},{"last_affected":"8-update171"},{"last_affected":"8-update171"},{"last_affected":"8-update171"},{"last_affected":"8-update172"},{"last_affected":"8-update172"},{"last_affected":"8-update172"},{"last_affected":"8-update181"},{"last_affected":"8-update181"},{"last_affected":"8-update181"},{"last_affected":"8-update191"},{"last_affected":"8-update191"},{"last_affected":"8-update191"},{"last_affected":"8-update192"},{"last_affected":"8-update192"},{"last_affected":"8-update192"},{"last_affected":"8-update201"},{"last_affected":"8-update201"},{"last_affected":"8-update201"},{"last_affected":"8-update202"},{"last_affected":"8-update202"},{"last_affected":"8-update202"},{"last_affected":"8-update211"},{"last_affected":"8-update211"},{"last_affected":"8-update211"},{"last_affected":"8-update212"},{"last_affected":"8-update212"},{"last_affected":"8-update212"},{"last_affected":"8-update221"},{"last_affected":"8-update221"},{"last_affected":"8-update221"},{"last_affected":"8-update222"},{"last_affected":"8-update222"},{"last_affected":"8-update222"},{"last_affected":"8-update231"},{"last_affected":"8-update231"},{"last_affected":"8-update231"},{"last_affected":"8-update232"},{"last_affected":"8-update232"},{"last_affected":"8-update232"},{"last_affected":"8-update241"},{"last_affected":"8-update241"},{"last_affected":"8-update241"},{"last_affected":"8-update242"},{"last_affected":"8-update242"},{"last_affected":"8-update242"},{"last_affected":"8-update252"},{"last_affected":"8-update252"},{"last_affected":"8-update252"},{"last_affected":"8-update262"},{"last_affected":"8-update262"},{"last_affected":"8-update262"},{"last_affected":"11.0.1"},{"last_affected":"11.0.1"},{"last_affected":"11.0.1"},{"last_affected":"11.0.2"},{"last_affected":"11.0.2"},{"last_affected":"11.0.2"},{"last_affected":"11.0.3"},{"last_affected":"11.0.3"},{"last_affected":"11.0.3"},{"last_affected":"11.0.4"},{"last_affected":"11.0.4"},{"last_affected":"11.0.4"},{"last_affected":"11.0.5"},{"last_affected":"11.0.5"},{"last_affected":"11.0.5"},{"last_affected":"11.0.6"},{"last_affected":"11.0.6"},{"last_affected":"11.0.6"},{"last_affected":"11.0.7"},{"last_affected":"11.0.7"},{"last_affected":"11.0.7"},{"last_affected":"11.0.8"},{"last_affected":"11.0.8"},{"last_affected":"11.0.8"},{"last_affected":"13.0.1"},{"last_affected":"13.0.1"},{"last_affected":"13.0.1"},{"last_affected":"13.0.2"},{"last_affected":"13.0.2"},{"last_affected":"13.0.2"},{"last_affected":"13.0.3"},{"last_affected":"13.0.3"},{"last_affected":"13.0.3"},{"last_affected":"13.0.4"},{"last_affected":"13.0.4"},{"last_affected":"13.0.4"}],"vendor_product":"oracle:openjdk","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-19"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20201023-0004/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4779"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}