PT-2020-1414 · Oracle +5 · Java SE +6

Bo Zhang +1 · Published 2020-01-14 · Updated 2026-05-08 · CVE-2020-2654

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1

Description

The issue is related to inadequate access control in the Libraries component of Oracle Java SE. An unauthenticated attacker with network access via multiple protocols can exploit it to cause a partial denial of service. This can result in unauthorized ability to compromise Java SE, leading to a low availability impact. The vulnerability can only be exploited by supplying data to APIs in the specified component, without using untrusted applications or applets.

Recommendations

For Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Libraries component until a patch is available. Avoid using APIs in the Libraries component without proper validation and sanitization of input data.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2020-00387
BIT-JAVA-2020-2654
BIT-JAVA-MIN-2020-2654
BIT-JRE-2020-2654
CESA-2020_0122
CESA-2020_0128
CESA-2020_0157
CESA-2020_0196
CESA-2020_0202
CESA-2020_0541
CESA-2020_0632
CESA-2020_2241
CVE-2020-2654
DLA-2128-1
DSA-4605-1
DSA-4621-1
MGASA-2020-0069
OPENSUSE-SU-2020:0113-1
OPENSUSE-SU-2020:0147-1
OPENSUSE-SU-2020_0113-1
OPENSUSE-SU-2020_0147-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
RHSA-2020:0122
RHSA-2020:0128
RHSA-2020:0157
RHSA-2020:0196
RHSA-2020:0202
RHSA-2020:0231
RHSA-2020:0232
RHSA-2020:0541
RHSA-2020:0632
RHSA-2020:2236
RHSA-2020:2237
RHSA-2020:2238
RHSA-2020:2239
RHSA-2020:2241
RHSA-2020_0122
RHSA-2020_0128
RHSA-2020_0157
RHSA-2020_0196
RHSA-2020_0202
RHSA-2020_0541
RHSA-2020_0632
RHSA-2020_2236
RHSA-2020_2237
RHSA-2020_2238
RHSA-2020_2239
RHSA-2020_2241
SUSE-SU-2020:0140-1
SUSE-SU-2020:0213-1
SUSE-SU-2020:0231-1
SUSE-SU-2020:0261-1
SUSE-SU-2020:0628-1
SUSE-SU-2020:14391-1
SUSE-SU-2020:14398-1
SUSE-SU-2020:1683-1
SUSE-SU-2020:1684-1
SUSE-SU-2020:1685-1
SUSE-SU-2020_14398-1
SUSE-SU-2020_1683-1
USN-4257-1

Affected Products

CentOS
IBM AIX
Java Platform
Java SE
Red Hat
SUSE
Ubuntu