CVE-2020-2778

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14

Description The issue is related to insufficient access control in the JSSE component of Oracle Java SE, allowing a remote attacker to gain unauthorized access to protected information via the HTTPS protocol. This can result in unauthorized read access to a subset of Java SE accessible data. The vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.

Recommendations For Java SE version 11.0.6, update to a version that includes the fix for this issue. For Java SE version 14, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available. Avoid using the JSSE component for sensitive operations until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2020-02629

BIT-JAVA-2020-2778

BIT-JAVA-MIN-2020-2778

BIT-JRE-2020-2778

CESA-2020_1509

CESA-2020_1514

CVE-2020-2778

DSA-4662-1

OPENSUSE-SU-2020:0757-1

OPENSUSE-SU-2020_0757-1

OPENSUSE-SU-2024:10871-1

OPENSUSE-SU-2024:10872-1

RHSA-2020:1509

RHSA-2020:1514

RHSA-2020:1517

RHSA-2020_1509

RHSA-2020_1514

SUSE-SU-2020:1511-1

SUSE-SU-2020:1511-2

SUSE-SU-2020:1572-1

SUSE-SU-2020_1511-1

SUSE-SU-2020_1511-2

SUSE-SU-2020_1572-1

USN-4337-1

Affected Products

Centos

Java Platform

Java Se

Red Hat

Suse

Ubuntu

CVE-2020-2778

Weakness Enumeration

Related Identifiers

Affected Products

References · 142