Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to
exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or
delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to
a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of
Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java
applets. It can also be exploited by supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
(CVE-2020-14792)
- Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that
are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows
unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete
access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in
clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load
and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for
security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through
a web service which supplies data to the APIs. (CVE-2019-2745)
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported
versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to
compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized
read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server
deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and
sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component
without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web
service. (CVE-2020-14577)
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported
versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit
vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to
cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and
server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the
specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as
through a web service. (CVE-2020-14578, CVE-2020-14579)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 7/16/2019
Reference Information
CVE: CVE-2019-2745, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
BID: 109201