PT-2020-3532 · Oracle+3 · Java Se Embedded+5

Published

2020-07-14

·

Updated

2026-05-08

·

CVE-2020-14581

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 8u251, 11.0.7, and 14.0.1 Java SE Embedded version 8u251
Description The issue is related to insufficient input validation in the 2D component of Oracle Java SE and Java SE Embedded. It allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded, resulting in unauthorized read access to a subset of accessible data. This can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.
Recommendations For Java SE versions 8u251, 11.0.7, and 14.0.1, consider disabling the 2D component until a patch is available. For Java SE Embedded version 8u251, restrict access to the 2D component to minimize the risk of exploitation. As a temporary workaround, avoid using APIs in the 2D component without proper input validation until the issue is resolved.

Fix

RCE

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-03864
BIT-JAVA-2020-14581
BIT-JAVA-MIN-2020-14581
BIT-JRE-2020-14581
CVE-2020-14581
DLA-2325-1
DSA-4734-1
OESA-2024-2485
OESA-2024-2486
OESA-2024-2487
OESA-2024-2488
OESA-2024-2489
OPENSUSE-SU-2020:1175-1
OPENSUSE-SU-2020:1191-1
OPENSUSE-SU-2020:1893-1
OPENSUSE-SU-2020:2048-1
OPENSUSE-SU-2020:2083-1
OPENSUSE-SU-2020_1175-1
OPENSUSE-SU-2020_1191-1
OPENSUSE-SU-2020_1893-1
OPENSUSE-SU-2020_2048-1
OPENSUSE-SU-2020_2083-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10873-1
OPENSUSE-SU-2024:10876-1
SUSE-SU-2020:2008-1
SUSE-SU-2020:2143-1
SUSE-SU-2020:2453-1
SUSE-SU-2020:2461-1
SUSE-SU-2020:2861-1
SUSE-SU-2020:3191-1
SUSE-SU-2020:3460-1
USN-4433-1
USN-4453-1

Affected Products

Java Platform
Java Se
Java Se Embedded
Linuxmint
Suse
Ubuntu