CVE-2020-2655

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.5 and 13.0.1

Description The issue is related to a vulnerability in the Java Secure Socket Extension (JSSE) component of Oracle Java SE, which is difficult to exploit and allows an unauthenticated attacker with network access via HTTPS to compromise Java SE. This can result in unauthorized update, insert, or delete access to some of Java SE's accessible data, as well as unauthorized read access to a subset of Java SE's accessible data. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited by using APIs in the specified component.

Recommendations For Java SE version 11.0.5, update to a version that contains a fix for this issue. For Java SE version 13.0.1, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available. Avoid using the JSSE component for client authentication until the issue is resolved.