CVE-2020-14798 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-14798 PUBLISHED

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

EPSS 0.24% · 47.5th percentile

Risk Scores

EPSS Score

0.24%

47.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:24.04:LTS	icedtea-web	1.8.8-2ubuntu1, 1.8.8-2, 0
Ubuntu:20.04:LTS	icedtea-web	0, 1.8-0ubuntu8
Ubuntu:18.04:LTS	openjdk-8	8u191-b12-2ubuntu0.18.04.1, 8u191-b12-0ubuntu0.18.04.1, 8u181-b13-1ubuntu0.18.04.1
Ubuntu:16.04:LTS	openjdk-8	8u131-b11-2ubuntu1.16.04.3, 8u151-b12-0ubuntu0.16.04.2, 8u162-b12-0ubuntu0.16.04.2
Ubuntu:20.04:LTS	openjdk-lts	0, 11.0.5+10-0ubuntu1, 11.0.5+10-2ubuntu1
Ubuntu:18.04:LTS	openjdk-lts	10.0.2+13-1ubuntu0.18.04.2, 0, 9.0.4+12-2ubuntu4
Ubuntu:22.04:LTS	icedtea-web	0, 1.8.4-1build1
Ubuntu:20.04:LTS	openjdk-13	13.0.4+8-1~20.04, 13.0.3+3-1ubuntu2, 13.0.2+8-2
Ubuntu:16.04:LTS	icedtea-web	1.5.2-1ubuntu2, 1.6.2-3ubuntu1, 1.6.2-2ubuntu1
Ubuntu:20.04:LTS	openjdk-8	0, 8u252-b07-1, 8u252-b09-1ubuntu1
Ubuntu:25.10	icedtea-web	1.8.8-3, 0
Ubuntu:16.04:LTS	openjdk-9	9~b102-1, 9~b114-0ubuntu1, 9~b113-0ubuntu1
Ubuntu:18.04:LTS	icedtea-web	0, 1.6.2-3.1ubuntu3, 1.8-0ubuntu8~18.04

Timeline

Oct 20, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-14798 third-party-advisory
https://www.oracle.com/security-alerts/cpuoct2020.html third-party-advisory
https://ubuntu.com/security/notices/USN-4607-1 vendor-advisory
https://ubuntu.com/security/notices/USN-4607-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-14798 third-party-advisory

Open in Interactive Console →