CVE-2020-2767

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14

Description The issue is related to insufficient access control in the JSSE component of Java SE, allowing an unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks can result in unauthorized update, insert, or delete access to some of Java SE's accessible data, as well as unauthorized read access to a subset of Java SE's accessible data. This issue can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component without using sandboxed applications or applets.

Recommendations For Java SE version 11.0.6, update to a version that includes the fix for this issue. For Java SE version 14, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available. Avoid using the JSSE component for sensitive operations until the issue is resolved.