CVE-2020-2754

Name of the Vulnerable Software and Affected Versions Java SE versions 8u241, 11.0.6, and 14 Java SE Embedded version 8u241

Description The issue is related to the Scripting component and is due to insufficient access controls. It allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded, resulting in a partial denial of service. This can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component. The vulnerability can affect both client and server deployments of Java.

Recommendations For Java SE versions 8u241, 11.0.6, and 14, consider disabling the Scripting component until a patch is available. For Java SE Embedded version 8u241, restrict access to the Scripting component to minimize the risk of exploitation. As a temporary workaround, avoid using APIs in the specified component without proper access controls until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.