Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to
exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or
delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to
a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of
Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java
applets. It can also be exploited by supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
(CVE-2020-14792)
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported
versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to
exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as
unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client
and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the
specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as
through a web service. (CVE-2020-14556)
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported
versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to
compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized
read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server
deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and
sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component
without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web
service. (CVE-2020-14577)
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported
versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit
vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to
cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and
server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the
specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as
through a web service. (CVE-2020-14578, CVE-2020-14579)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 7/14/2020
Reference Information
CVE: CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803