CVE-2020-2803

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241

Description The issue is related to insufficient access control in the Libraries component of Java SE and Java SE Embedded, allowing an unauthenticated attacker with network access via multiple protocols to compromise the system. Successful attacks require human interaction and may significantly impact additional products, potentially resulting in a takeover of Java SE and Java SE Embedded. This issue applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Java SE versions 7u251, 8u241, 11.0.6, and 14, update to a version that contains the fix for this issue. For Java SE Embedded version 8u241, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the Libraries component until a patch is available. Avoid running untrusted code in Java deployments that rely on the Java sandbox for security.