Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2020-2654

Disclosure Date: January 15, 2020 •

CVE-2020-2654 CVSS v3 Base Score: 3.7

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

3.7 Low

Impact Score:

1.4

Exploitability Score:

2.2

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

Low

Vendors

canonical,
debian,
mcafee,
netapp,
opensuse,
oracle,
redhat

Products

active iq unified manager,
debian linux 10.0,
debian linux 8.0,
debian linux 9.0,
e-series performance analyzer -,
e-series santricity management plug-ins -,
e-series santricity os controller,
e-series santricity storage manager -,
e-series santricity web services proxy -,
enterprise linux 6.0,
enterprise linux 7.0,
enterprise linux 8.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.7,
enterprise linux eus 8.1,
enterprise linux server aus 7.7,
enterprise linux server tus 7.7,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
epolicy orchestrator 5.10.0,
epolicy orchestrator 5.9.0,
epolicy orchestrator 5.9.1,
jdk 1.7.0,
jdk 1.8.0,
jdk 11.0.5,
jdk 13.0.1,
jre 1.7.0,
jre 1.8.0,
jre 11.0.5,
jre 13.0.1,
leap 15.1,
oncommand insight -,
oncommand workflow automation -,
openjdk 11,
openjdk 11.0.1,
openjdk 11.0.2,
openjdk 11.0.3,
openjdk 11.0.4,
openjdk 11.0.5,
openjdk 13,
openjdk 13.0.1,
openjdk 7,
openjdk 8,
santricity unified manager -,
steelstore cloud integrated storage -,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 19.10

References

Rapid7

Unknown

CVE-2020-2654

Unknown

Unknown

None

None

Network

CVE-2020-2654

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2020-2654

Unknown

Unknown

None

None

Network

CVE-2020-2654

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification