CVE-2020-14796

Name of the Vulnerable Software and Affected Versions Java SE versions 7u271, 8u261, 11.0.8, and 15 Java SE Embedded version 8u261

Description A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code and rely on the Java sandbox for security. Successful attacks can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Recommendations For Java SE versions 7u271, 8u261, 11.0.8, and 15, update to a version that contains a fix for this vulnerability. For Java SE Embedded version 8u261, update to a version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the Java sandbox in clients running sandboxed Java Web Start applications or sandboxed Java applets until a patch is available. Restrict access to untrusted code, such as code that comes from the internet, to minimize the risk of exploitation.