CVE-2020-2585

Name of the Vulnerable Software and Affected Versions Java SE version 8u231

Description The issue is related to inadequate access control in the JavaFX component of Oracle Java SE, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Java SE accessible data. This issue applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.

Recommendations For Java SE version 8u231, consider disabling the use of JavaFX component until a patch is available, and restrict access to APIs that supply data to the JavaFX component to minimize the risk of exploitation. Additionally, ensure that only trusted code is run in sandboxed Java Web Start applications or sandboxed Java applets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.