CVE-2020-2755

Name of the Vulnerable Software and Affected Versions Java SE versions 8u241, 11.0.6, and 14 Java SE Embedded version 8u241

Description The issue is related to the Scripting component and is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded. Successful attacks can result in a partial denial of service. This can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.

Recommendations For Java SE versions 8u241, 11.0.6, and 14, update to a version that contains a fix for this issue. For Java SE Embedded version 8u241, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Scripting component until a patch is available. Avoid using the affected APIs in the Scripting component until the issue is resolved.