CVE-2020-14664

Name of the Vulnerable Software and Affected Versions Oracle Java SE version 8u251

Description The issue is related to insufficient input validation in the JavaFX component, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction and can result in the takeover of Java SE. This vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Oracle Java SE version 8u251, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of the JavaFX component until a patch is available. Avoid running untrusted code in Java deployments that rely on the Java sandbox for security. Restrict access to sandboxed Java Web Start applications or sandboxed Java applets to minimize the risk of exploitation.