CVE-2020-2604

CVSS V2 Medium 6.8 CVSS V3 High 8.1
Description
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Overview
  • CVE ID
  • CVE-2020-2604
  • Assigner
  • secalert_us@oracle.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-01-15T17:15:20
  • Last Modified Date
  • 2022-10-29T02:34:20
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:oracle:commerce_experience_manager:11.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* 1 OR 11 11.0.5
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* 1 OR 13 13.0.1
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* 1 OR 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* 1 OR 9.5
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:* 1 OR
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* 1 OR 11.0.0 11.60.1
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:* 1 OR
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.1
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.2
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.oracle.com/security-alerts/cpujan2020.html Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0122 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0128 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0196 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0003/ Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0202 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0232 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0231 Third Party Advisory
https://usn.ubuntu.com/4257-1/ Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0470 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0467 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0465 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0468 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0469 Third Party Advisory
https://www.debian.org/security/2020/dsa-4621 Third Party Advisory
https://seclists.org/bugtraq/2020/Feb/22 Issue Tracking Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0541 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0632 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html Mailing List Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10315 Third Party Advisory
https://security.gentoo.org/glsa/202101-19 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2021.html
History
Created Old Value New Value Data Type Notes
2022-05-10 07:04:03 Added to TrackCVE
2022-12-04 09:35:30 2020-01-15T17:15Z 2020-01-15T17:15:20 CVE Published Date updated
2022-12-04 09:35:30 2022-10-29T02:34:20 CVE Modified Date updated
2022-12-04 09:35:30 Analyzed Vulnerability Status updated