CVE-2020-14583

Name of the Vulnerable Software and Affected Versions Java SE versions 7u261, 8u251, 11.0.7, and 14.0.1 Java SE Embedded version 8u251

Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. This can be exploited by an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded, potentially leading to a takeover. The vulnerability affects Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security. It does not apply to Java deployments that load and run only trusted code, typically in servers.

Recommendations For Java SE versions 7u261, 8u251, 11.0.7, and 14.0.1, update to a version that contains a fix for this issue. For Java SE Embedded version 8u251, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the Libraries component until a patch is available. Avoid running untrusted code in Java deployments that rely on the Java sandbox for security.