PT-2020-2599 · Oracle · Java SE

Published: 2020-04-14 · Updated: 2026-05-08 · CVE-2020-2816

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Java SE versions 11.0.6 and 14

Description

The issue is related to insufficient input validation in the JSSE component of Oracle Java SE. It allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, resulting in unauthorized creation, deletion, or modification access to critical data or all Java SE accessible data. This can be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.

Recommendations

For Java SE version 11.0.6, update to a version that includes the fix for this issue. For Java SE version 14, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available. Avoid using the JSSE component for untrusted connections or inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-02633
BIT-JAVA-2020-2816
BIT-JAVA-MIN-2020-2816
BIT-JRE-2020-2816
CESA-2020_1509
CESA-2020_1514
CVE-2020-2816
DSA-4662-1
OPENSUSE-SU-2020:0757-1
OPENSUSE-SU-2020_0757-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
RHSA-2020:1509
RHSA-2020:1514
RHSA-2020:1517
RHSA-2020_1509
RHSA-2020_1514
SUSE-SU-2020:1511-1
SUSE-SU-2020:1511-2
SUSE-SU-2020:1572-1
SUSE-SU-2020_1511-1
SUSE-SU-2020_1511-2
SUSE-SU-2020_1572-1
USN-4337-1

Affected Products

CentOS
Java Platform
Java SE
Red Hat
SUSE
Ubuntu