PT-2020-2543 · Oracle+5 · Java Se Embedded+7

Published

2020-04-14

·

Updated

2026-05-08

·

CVE-2020-2756

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241
Description The issue is related to the Serialization component and is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded. Successful attacks can result in a partial denial of service. This issue can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.
Recommendations For Java SE versions 7u251, 8u241, 11.0.6, and 14, consider disabling the Serialization component until a patch is available. For Java SE Embedded version 8u241, restrict access to the Serialization component to minimize the risk of exploitation. As a temporary workaround, avoid using APIs in the Serialization component without proper validation and sanitization of input data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Deserialization of Untrusted Data

Improper Handling of Exceptional Conditions

Weakness Enumeration

CWE-502CWE-264CWE-755

Related Identifiers

BDU:2020-02554
BIT-JAVA-2020-2756
BIT-JAVA-MIN-2020-2756
BIT-JRE-2020-2756
CESA-2020_1506
CESA-2020_1507
CESA-2020_1508
CESA-2020_1509
CESA-2020_1512
CESA-2020_1514
CESA-2020_1515
CESA-2020_2241
CVE-2020-2756
DLA-2193-1
DSA-4662-1
DSA-4668-1
MGASA-2020-0182
OPENSUSE-SU-2020:0757-1
OPENSUSE-SU-2020:0800-1
OPENSUSE-SU-2020_0757-1
OPENSUSE-SU-2020_0800-1
OPENSUSE-SU-2020_0841-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
RHSA-2020:1506
RHSA-2020:1507
RHSA-2020:1508
RHSA-2020:1509
RHSA-2020:1512
RHSA-2020:1514
RHSA-2020:1515
RHSA-2020:1516
RHSA-2020:1517
RHSA-2020:2236
RHSA-2020:2237
RHSA-2020:2238
RHSA-2020:2239
RHSA-2020:2241
RHSA-2020_1506
RHSA-2020_1507
RHSA-2020_1508
RHSA-2020_1509
RHSA-2020_1512
RHSA-2020_1514
RHSA-2020_1515
RHSA-2020_2236
RHSA-2020_2237
RHSA-2020_2238
RHSA-2020_2239
RHSA-2020_2241
SUSE-SU-2020:14391-1
SUSE-SU-2020:14398-1
SUSE-SU-2020:1511-1
SUSE-SU-2020:1511-2
SUSE-SU-2020:1569-1
SUSE-SU-2020:1569-2
SUSE-SU-2020:1571-1
SUSE-SU-2020:1572-1
SUSE-SU-2020:1683-1
SUSE-SU-2020:1684-1
SUSE-SU-2020:1685-1
SUSE-SU-2020:1686-1
SUSE-SU-2020_1511-1
SUSE-SU-2020_1511-2
SUSE-SU-2020_1569-1
SUSE-SU-2020_1569-2
SUSE-SU-2020_1571-1
SUSE-SU-2020_1572-1
USN-4337-1

Affected Products

Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu