CVE-2020-14621

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-14621
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html Mailing List Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10332 Third Party Advisory
https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
https://security.gentoo.org/glsa/202008-24 Third Party Advisory
https://security.gentoo.org/glsa/202209-15 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0005/ Third Party Advisory
https://usn.ubuntu.com/4433-1/ Third Party Advisory
https://usn.ubuntu.com/4453-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4734 Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
History

27 Oct 2022, 22:58

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-15 - Third Party Advisory

01 Jul 2022, 19:40

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2020/dsa-4734 - (DEBIAN) https://www.debian.org/security/2020/dsa-4734 - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4453-1/ - (UBUNTU) https://usn.ubuntu.com/4453-1/ - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200717-0005/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200717-0005/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E - Mailing List, Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202008-24 - (GENTOO) https://security.gentoo.org/glsa/202008-24 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ - Mailing List, Third Party Advisory
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4433-1/ - (UBUNTU) https://usn.ubuntu.com/4433-1/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ - Mailing List, Third Party Advisory
CPE cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*

13 May 2022, 14:57

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.7.0:update_261:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_251:*:*:*:*:*:*		 cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*

13 May 2022, 12:55

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jdk:1.8.0:update_251:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
Information

Published : 2020-07-15 18:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-14621

Mitre link : CVE-2020-14621

CVE.ORG link : CVE-2020-14621

JSON object : View

Products Affected

netapp

  • e-series_santricity_storage_manager
  • santricity_unified_manager
  • oncommand_insight
  • plug-in_for_symantec_netbackup
  • oncommand_workflow_automation
  • active_iq_unified_manager
  • steelstore_cloud_integrated_storage
  • cloud_backup
  • e-series_santricity_os_controller
  • snapmanager
  • oncommand_unified_manager_core_package
  • e-series_santricity_web_services
  • e-series_performance_analyzer
  • 7-mode_transition_tool
  • cloud_secure_agent

canonical

  • ubuntu_linux

oracle

  • jdk
  • jre

debian

  • debian_linux

mcafee

  • epolicy_orchestrator

opensuse

  • leap

fedoraproject

  • fedora
CWE
NVD-CWE-noinfo