PT-2020-2600 · Oracle+5 · Java Se Embedded+7

Marc Durdin

·

Published

2020-04-14

·

Updated

2026-05-08

·

CVE-2020-2830

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241
Description The issue is related to insufficient input validation in the Concurrency component of Oracle Java SE and Java SE Embedded. This can be exploited by an unauthenticated attacker with network access via multiple protocols, potentially leading to a partial denial of service. The vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.
Recommendations For Java SE versions 7u251, 8u241, 11.0.6, and 14, consider disabling the Concurrency component until a patch is available. For Java SE Embedded version 8u241, restrict access to the Concurrency component to minimize the risk of exploitation. As a temporary workaround, avoid using APIs in the Concurrency component without proper input validation until the issue is resolved.

Fix

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2020-02634
BIT-JAVA-2020-2830
BIT-JAVA-MIN-2020-2830
BIT-JRE-2020-2830
CESA-2020_1506
CESA-2020_1507
CESA-2020_1508
CESA-2020_1509
CESA-2020_1512
CESA-2020_1514
CESA-2020_1515
CESA-2020_2241
CVE-2020-2830
DLA-2193-1
DSA-4662-1
DSA-4668-1
MGASA-2020-0182
OPENSUSE-SU-2020:0757-1
OPENSUSE-SU-2020:0800-1
OPENSUSE-SU-2020_0757-1
OPENSUSE-SU-2020_0800-1
OPENSUSE-SU-2020_0841-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
RHSA-2020:1506
RHSA-2020:1507
RHSA-2020:1508
RHSA-2020:1509
RHSA-2020:1512
RHSA-2020:1514
RHSA-2020:1515
RHSA-2020:1516
RHSA-2020:1517
RHSA-2020:2236
RHSA-2020:2237
RHSA-2020:2238
RHSA-2020:2239
RHSA-2020:2241
RHSA-2020_1506
RHSA-2020_1507
RHSA-2020_1508
RHSA-2020_1509
RHSA-2020_1512
RHSA-2020_1514
RHSA-2020_1515
RHSA-2020_2236
RHSA-2020_2237
RHSA-2020_2238
RHSA-2020_2239
RHSA-2020_2241
SUSE-SU-2020:14391-1
SUSE-SU-2020:14398-1
SUSE-SU-2020:1511-1
SUSE-SU-2020:1511-2
SUSE-SU-2020:1569-1
SUSE-SU-2020:1569-2
SUSE-SU-2020:1571-1
SUSE-SU-2020:1572-1
SUSE-SU-2020:1683-1
SUSE-SU-2020:1684-1
SUSE-SU-2020:1685-1
SUSE-SU-2020:1686-1
SUSE-SU-2020_1511-1
SUSE-SU-2020_1511-2
SUSE-SU-2020_1569-1
SUSE-SU-2020_1569-2
SUSE-SU-2020_1571-1
SUSE-SU-2020_1572-1
USN-4337-1

Affected Products

Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu