Unrated severityNVD Advisory· Published Jan 15, 2020· Updated Sep 30, 2024
CVE-2020-2601
CVE-2020-2601
Description
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Affected products
126- osv-coords125 versionspkg:apk/chainguard/openjdk-11pkg:apk/chainguard/openjdk-11-dbgpkg:apk/chainguard/openjdk-11-default-jdkpkg:apk/chainguard/openjdk-11-default-jvmpkg:apk/chainguard/openjdk-11-demospkg:apk/chainguard/openjdk-11-docpkg:apk/chainguard/openjdk-11-jmodspkg:apk/chainguard/openjdk-11-jrepkg:apk/chainguard/openjdk-11-jre-basepkg:apk/chainguard/openjdk-11-jre-docpkg:apk/chainguard/openjdk-11-jre-headlesspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-default-policypkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-12pkg:apk/chainguard/openjdk-12-default-jdkpkg:apk/chainguard/openjdk-12-default-jvmpkg:apk/chainguard/openjdk-12-demospkg:apk/chainguard/openjdk-12-docpkg:apk/chainguard/openjdk-12-jmodspkg:apk/chainguard/openjdk-12-jrepkg:apk/chainguard/openjdk-12-jre-basepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-default-policypkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-default-policypkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:apk/wolfi/openjdk-11pkg:apk/wolfi/openjdk-11-dbgpkg:apk/wolfi/openjdk-11-default-jdkpkg:apk/wolfi/openjdk-11-default-jvmpkg:apk/wolfi/openjdk-11-demospkg:apk/wolfi/openjdk-11-docpkg:apk/wolfi/openjdk-11-jmodspkg:apk/wolfi/openjdk-11-jrepkg:apk/wolfi/openjdk-11-jre-basepkg:apk/wolfi/openjdk-11-jre-docpkg:apk/wolfi/openjdk-11-jre-headlesspkg:apk/wolfi/openjdk-12pkg:apk/wolfi/openjdk-12-default-jdkpkg:apk/wolfi/openjdk-12-default-jvmpkg:apk/wolfi/openjdk-12-demospkg:apk/wolfi/openjdk-12-docpkg:apk/wolfi/openjdk-12-jmodspkg:apk/wolfi/openjdk-12-jrepkg:apk/wolfi/openjdk-12-jre-basepkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-13-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/java-1_7_0-openjdk&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/java-1_8_0-openjdk&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 0+ 124 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 12.0.2.10-r10
- (no CPE)range: < 1.7.0
- (no CPE)range: < 1.7.0
- (no CPE)range: < 1.7.0
- (no CPE)range: < 11.0.6.0-lp151.3.12.1
- (no CPE)range: < 11.0.12.0-3.1
- (no CPE)range: < 13.0.8.0-3.1
- (no CPE)range: < 1.8.0.242-lp151.2.9.1
- (no CPE)range: < 1.8.0.302-2.2
- (no CPE)range: < 11.0.6.0-3.39.2
- (no CPE)range: < 11.0.6.0-3.39.2
- (no CPE)range: < 11.0.6.0-3.39.2
- (no CPE)range: < 11.0.6.0-3.39.2
- (no CPE)range: < 11.0.6.0-3.6.1
- (no CPE)range: < 11.0.6.0-3.39.2
- (no CPE)range: < 11.0.6.0-3.6.1
- (no CPE)range: < 11.0.6.0-3.39.2
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.7.0.251-43.35.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-3.30.2
- (no CPE)range: < 1.8.0.242-3.30.2
- (no CPE)range: < 1.8.0.242-3.30.2
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-3.30.2
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-3.30.2
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- (no CPE)range: < 1.8.0.242-27.41.1
- Oracle Corporation/Javav5Range: Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2020:0122mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0128mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0157mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0196mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0202mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0231mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0232mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0541mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2020:0632mitrevendor-advisoryx_refsource_REDHAT
- security.gentoo.org/glsa/202101-19mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4257-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4605mitrevendor-advisoryx_refsource_DEBIAN
- www.debian.org/security/2020/dsa-4621mitrevendor-advisoryx_refsource_DEBIAN
- lists.debian.org/debian-lts-announce/2020/02/msg00034.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2020/Feb/22mitremailing-listx_refsource_BUGTRAQ
- seclists.org/bugtraq/2020/Jan/24mitremailing-listx_refsource_BUGTRAQ
- security.netapp.com/advisory/ntap-20200122-0003/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpujan2020.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.