Details of VAR-202004-1071

ID

VAR-202004-1071

CVE

CVE-2020-2781

TITLE

Oracle Java SE and Java SE Embedded In JSSE Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-004278

DESCRIPTION

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It exists that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202006-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenJDK, IcedTea: Multiple vulnerabilities Date: June 15, 2020 Bugs: #718720, #720690 ID: 202006-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code. Background ========== OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/openjdk-bin < 8.252_p09 >= 8.252_p09 2 dev-java/openjdk-jre-bin < 8.252_p09 >= 8.252_p09 3 dev-java/icedtea-bin < 3.16.0 >= 3.16.0 ------------------------------------------------------------------- 3 affected packages Description =========== Multiple vulnerabilities have been discovered in OpenJDK and IcedTea. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenJDK binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.252_p09" All OpenJDK JRE binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/openjdk-jre-bin-8.252_p09" All IcedTea binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.16.0" References ========== [ 1 ] CVE-2020-2585 https://nvd.nist.gov/vuln/detail/CVE-2020-2585 [ 2 ] CVE-2020-2585 https://nvd.nist.gov/vuln/detail/CVE-2020-2585 [ 3 ] CVE-2020-2755 https://nvd.nist.gov/vuln/detail/CVE-2020-2755 [ 4 ] CVE-2020-2755 https://nvd.nist.gov/vuln/detail/CVE-2020-2755 [ 5 ] CVE-2020-2756 https://nvd.nist.gov/vuln/detail/CVE-2020-2756 [ 6 ] CVE-2020-2756 https://nvd.nist.gov/vuln/detail/CVE-2020-2756 [ 7 ] CVE-2020-2757 https://nvd.nist.gov/vuln/detail/CVE-2020-2757 [ 8 ] CVE-2020-2757 https://nvd.nist.gov/vuln/detail/CVE-2020-2757 [ 9 ] CVE-2020-2773 https://nvd.nist.gov/vuln/detail/CVE-2020-2773 [ 10 ] CVE-2020-2773 https://nvd.nist.gov/vuln/detail/CVE-2020-2773 [ 11 ] CVE-2020-2781 https://nvd.nist.gov/vuln/detail/CVE-2020-2781 [ 12 ] CVE-2020-2781 https://nvd.nist.gov/vuln/detail/CVE-2020-2781 [ 13 ] CVE-2020-2800 https://nvd.nist.gov/vuln/detail/CVE-2020-2800 [ 14 ] CVE-2020-2800 https://nvd.nist.gov/vuln/detail/CVE-2020-2800 [ 15 ] CVE-2020-2803 https://nvd.nist.gov/vuln/detail/CVE-2020-2803 [ 16 ] CVE-2020-2803 https://nvd.nist.gov/vuln/detail/CVE-2020-2803 [ 17 ] CVE-2020-2805 https://nvd.nist.gov/vuln/detail/CVE-2020-2805 [ 18 ] CVE-2020-2805 https://nvd.nist.gov/vuln/detail/CVE-2020-2805 [ 19 ] CVE-2020-2830 https://nvd.nist.gov/vuln/detail/CVE-2020-2830 [ 20 ] CVE-2020-2830 https://nvd.nist.gov/vuln/detail/CVE-2020-2830 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202006-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * operator-framework/presto: /etc/passwd was given incorrect privileges (CVE-2019-19352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.3, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges 5. 8) - aarch64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.1-ibm security update Advisory ID: RHSA-2020:2236-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2020:2236 Issue date: 2020-05-20 CVE Names: CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 ==================================================================== 1. Summary: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) * OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) * OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) * OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) * OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1791217 - CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) 1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) 1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) 1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) 1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) 1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) 1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) 1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-2654 https://access.redhat.com/security/cve/CVE-2020-2756 https://access.redhat.com/security/cve/CVE-2020-2757 https://access.redhat.com/security/cve/CVE-2020-2781 https://access.redhat.com/security/cve/CVE-2020-2800 https://access.redhat.com/security/cve/CVE-2020-2803 https://access.redhat.com/security/cve/CVE-2020-2805 https://access.redhat.com/security/cve/CVE-2020-2830 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXsU9v9zjgjWX9erEAQg8Zw/+Lg7FSdhMbVk/Qy2+8RgdcPuiPfqGcUQg nT6B1XuNPo8ZHONWC+2GEsV+8SJNp8vHeZmZWn5robPd/TsB25LGCk6Kx4TQPPd8 MsGvVphXZkuIi+44R6Xj8m8CzAQLgPGrBS6fonl0fe8W/9/7ULEG327qT0Piphpy s9tlQWx3PAbtw7CnFBpOlTibadg0iyqif3egEhkUFkMYxTGBNn43GvKQAX3nfgNx FSiy8ZeAXB3u289gMmgXjJdcIxPF5KQlEsaCEU/5LB1I5YcJkleKY0YXUOaYaZ5z /AkKPho/WWogwWZBtBlAb3hWOft+grko+0QsDhSGLhr5c1YPq1PTYgmCzY54imnQ O+KBpgX61aIY9Yil+iy0uGVhC8tpIwFx4k02SlzgocNwOZu+bwGkbm34n0NIxZBL WapU4IbIiforzd8IFoMVst8gPe6hF+fI4OW20aUVfImOAarpr7QuirXWuDd0xZRv bG/SNAAFdkDVzXVwfxDVu5KyELShTJOagRvf3sZ/e22Sy3h8VuhEBV3l2UvnLpDB cXkD39sy6DAahaWBveCWLfBRCCiuOn/03g9lE2oTsTQPP8YCsv23wdTEMMXXXMhW OO6kEvVZVDtY7KL0u4KQ2f41k70O2ybLl4gLxwTmvk5VCx2xtk7Qb1gOsVPZNMA6 QF084+zkRgg=n3I2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4668-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-8 CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. For the oldstable distribution (stretch), these problems have been fixed in version 8u252-b09-1~deb9u1. We recommend that you upgrade your openjdk-8 packages. For the detailed security status of openjdk-8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-8 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6ohOAACgkQEMKTtsN8 TjauDg//dewg6ej1yoHtsiqw0vxozLnwHv+6PhzFlI2x25u7W2oBc6bRM+ZefFzm Ph/AcWtCrtjGbPmukaFrSYXEKqmymcXS0otYH7v3FuvSDgPWou2jrZ0TuIt1ohfB 6jszJQgfLFdQf7Ubfv1L/+fFN5rMyOVepBSbk1cI9pJWntTUprbtA5V+z1vTP9cl 2NHGGlqAwxWHIjR/s2gKv2zoRAd46GEeEIq5e7P6xgbr/4R00JWmq/frp2wK40RT 8rc/pcSvHq5isbJAUYuf0af5+77NZMnrQZyrLRFzpTprY1DkR7bTtFIETZJwBk2F qQqfo1f/hiqwdB90UXHlscVA7YxyRojJkQ57/QM0dkGTKZCxL/JyBi5B+262Qa8k 2sgleNcPyGJjUZHNJt9C0D2TF8zBXjdqMewbu1h9jt8t7PCcgBq0EDnQdClDzESG aTzMsM4w3ssYX41vmq3O6j90HwdFTs0lDCd1HfKK2WXgCm8IoFKdiW0ofRQdXihb dFizoH8yxrW9Pk9AjQoj4goaRqElEyk9hs2Sqh1HQFtHoKujxiIuoM+XQop8/9xY g45bWIR/jzV9AcPOUkMtGean90/qfSXAqgusXJ0mCSSP4wbvYXi04qtMmeurQFeX 8JgNWPEehjQUzQqxLVQ4FNikIe3VG1UKwc6rPPHdwPXw4YqHJ2k= =Xj/N -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // VULMON: CVE-2020-2781 // PACKETSTORM: 158101 // PACKETSTORM: 157350 // PACKETSTORM: 157351 // PACKETSTORM: 157549 // PACKETSTORM: 157779 // PACKETSTORM: 157331 // PACKETSTORM: 157776 // PACKETSTORM: 168802

AFFECTED PRODUCTS

vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.6	Trust: 1.8
vendor:	oracle	model:	jre	scope:	eq	version:	11.0.6	Trust: 1.8
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	7.3	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.2	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	eq	version:	8	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	netapp	model:	storagegrid	scope:	lte	version:	9.0.4	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	14.0.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	storagegrid	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	lte	version:	13.0.2	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	14.0.0	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	gte	version:	13	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.3.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	netapp	model:	7-mode transition tool	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	netapp	model:	e-series performance analyzer	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	gte	version:	9.5	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	santricity unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	eq	version:	7	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	mcafee	model:	threat intelligence exchange server	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	lte	version:	11.0.6	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	storagegrid	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	eq	version:	14	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	openjdk	scope:	gte	version:	11	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	e-series santricity os controller	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	storagegrid webscale	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	snapmanager	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	eq	version:	14	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	eq	version:	7 update 251	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	eq	version:	8 update 241	Trust: 0.8
vendor:	oracle	model:	jre	scope:	eq	version:	14	Trust: 0.8
vendor:	oracle	model:	jre	scope:	eq	version:	7 update 251	Trust: 0.8
vendor:	oracle	model:	jre	scope:	eq	version:	8 update 241	Trust: 0.8
vendor:	oracle	model:	java se	scope:	eq	version:	embedded 8 update 241	Trust: 0.8
vendor:	hitachi	model:	application server	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	application server	scope:	eq	version:	for developers	Trust: 0.8
vendor:	hitachi	model:	automation director	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	compute systems manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	device manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	dynamic link manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	infrastructure analytics advisor	scope:	eq	version:	海外販売のみ)	Trust: 0.8
vendor:	hitachi	model:	ops center analyzer	scope:	eq	version:	(海外販売のみ)	Trust: 0.8
vendor:	hitachi	model:	ops center analyzer viewpoint	scope:	eq	version:	(海外販売のみ)	Trust: 0.8
vendor:	hitachi	model:	ops center api configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ops center automator	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ops center common services	scope:	eq	version:	(海外販売のみ)	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	(64)	Trust: 0.8
vendor:	hitachi	model:	ucosminexus client	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	(64)	Trust: 0.8

sources: JVNDB: JVNDB-2020-004278 // NVD: CVE-2020-2781

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-2781
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004278
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-843
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-2781
value:	MEDIUM
Trust: 0.1

NVD:	CVE-2020-2781
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004278
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

NVD:	CVE-2020-2781
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004278
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // CNNVD: CNNVD-202004-843 // NVD: CVE-2020-2781

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-2781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-843

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-843

CONFIGURATIONS

sources: NVD: CVE-2020-2781

PATCH

title:	hitachi-sec-2020-108	url:	https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-108/index.html	Trust: 0.8
title:	hitachi-sec-2020-111	url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-111/index.html	Trust: 0.8
title:	NTAP-20200416-0004	url:	https://security.netapp.com/advisory/ntap-20200416-0004/	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - April 2020	url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - April 2020 Risk Matrices	url:	https://www.oracle.com/security-alerts/cpuapr2020verbose.html	Trust: 0.8
title:	hitachi-sec-2020-111	url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-111/index.html	Trust: 0.8
title:	hitachi-sec-2020-108	url:	https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-108/index.html	Trust: 0.8
title:	Oracle Corporation Javaプラグインの脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/oracle/20200416.html	Trust: 0.8
title:	Oracle Java SE and Java SE Embedded Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=113967	Trust: 0.6
title:	Red Hat: Important: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202238 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201508 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202236 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201507 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201515 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201506 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202239 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201512 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201516 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201514 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202241 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202237 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201517 - security advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201509 - security advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.4.3 presto-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201942 - security advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.4.3 hadoop-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201938 - security advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Z Development and Test Environment – April 2020	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=34684cce4ea4ca724278f61f0e9e4d2b	Trust: 0.1
title:	Debian Security Advisories: DSA-4668-1 openjdk-8 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d7cce1580c49512354cd13b73064c4ab	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-8, openjdk-lts vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-4337-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1365	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2020-1365	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2023-1809	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2023-1809	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1424	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1424	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1421	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1421	Trust: 0.1
title:	Debian Security Advisories: DSA-4662-1 openjdk-11 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fcc7953c1496c4d2bf29bdda0aeb34d3	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1410	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1410	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-111	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-108	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Server	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=04093f22959e96a7bb3ed8715aa18c0e	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6	Trust: 0.1
title:	-	url:	https://github.com/live-hack-cve/cve-2020-2781	Trust: 0.1

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // CNNVD: CNNVD-202004-843

EXTERNAL IDS

db:	NVD	id:	CVE-2020-2781	Trust: 3.3
db:	MCAFEE	id:	SB10318	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004278	Trust: 0.8
db:	PACKETSTORM	id:	158101	Trust: 0.7
db:	PACKETSTORM	id:	157351	Trust: 0.7
db:	PACKETSTORM	id:	157331	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1730	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1797	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2622	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1414	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1582	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4416	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2646	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1628	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1468	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1439	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2738	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2300	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1401	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3108	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2113	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1984	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1746	Trust: 0.6
db:	PACKETSTORM	id:	157782	Trust: 0.6
db:	PACKETSTORM	id:	157550	Trust: 0.6
db:	PACKETSTORM	id:	157363	Trust: 0.6
db:	NSFOCUS	id:	47993	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-843	Trust: 0.6
db:	VULMON	id:	CVE-2020-2781	Trust: 0.1
db:	PACKETSTORM	id:	157350	Trust: 0.1
db:	PACKETSTORM	id:	157549	Trust: 0.1
db:	PACKETSTORM	id:	157779	Trust: 0.1
db:	PACKETSTORM	id:	157776	Trust: 0.1
db:	PACKETSTORM	id:	168802	Trust: 0.1

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // PACKETSTORM: 158101 // PACKETSTORM: 157350 // PACKETSTORM: 157351 // PACKETSTORM: 157549 // PACKETSTORM: 157779 // PACKETSTORM: 157331 // PACKETSTORM: 157776 // PACKETSTORM: 168802 // CNNVD: CNNVD-202004-843 // NVD: CVE-2020-2781

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2781	Trust: 2.2
url:	https://usn.ubuntu.com/4337-1/	Trust: 1.8
url:	https://security.gentoo.org/glsa/202006-22	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200416-0004/	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4662	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4668	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7vhc4ew36kzeidq56rpcwbzcqelffkn/	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckav6kffaeanxan73aftgu7z6ynrwcxq/	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyhhhzrhxcbgrhge5up7ueb4iz2qx536/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10318	Trust: 1.7
url:	https://security.gentoo.org/glsa/202209-15	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2020-2781	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-2781	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20200415-jre.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2020/at200017.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2757	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2756	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2803	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2805	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2800	Trust: 0.8
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-z-development-and-test-environment-april-2020/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2830	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2755	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2773	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2757	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2754	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2805	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2830	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2800	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2756	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2803	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-websphere-mq-internet-pass-thru-april-2020-includes-oracle-april-2020-cpu-cve-2020-2781/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1401/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-java-se-vulnerability-affects-ibm-control-center-cve-2020-2781/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1582/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-sb0003748/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-java/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-rational-build-forge/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-cve-2020-2654-cve-2020-2781-cve-2020-2800/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2300/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-8/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/oracle-java-openjdk-vulnerabilities-of-april-2020-32028	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affects-liberty-for-java-for-ibm-cloud/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47993	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1468/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3108/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-planning-q12021/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-java-vulnerabilities/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-service-is-impacted-by-security-vulnerabilities-in-openjdk-11/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-and-apache-tomcat-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-v9000-products/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2113/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-apr-2020/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-sterling-secure-proxy-cve-2020-2781/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2622/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2646/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2020-cpu-plus-deferred-cve-2019-2949-and-cve-2020-2654/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-connectdirect-web-services/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157782/red-hat-security-advisory-2020-2241-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-4/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1439/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-affects-ibm-cloud-application-business-insights/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158101/gentoo-linux-security-advisory-202006-22.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-april-2020-critical-patch-update-for-java/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-7/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-unix-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4416/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-october-2019-january-2020-and-april-2020-cpus/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2738/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1746/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1730/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1984/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affects-ibm-mq/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1414/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157351/red-hat-security-advisory-2020-1515-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-primary-tabs/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-the-ibm-flashsystem-models-840-and-900/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157331/red-hat-security-advisory-2020-1514-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157550/red-hat-security-advisory-2020-1938-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerabilities-affect-the-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-microsoft-windows-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-storediq-instascan/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1628/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1797/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-5/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157363/ubuntu-security-notice-usn-4337-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-sb003732/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-2754	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-2755	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-2773	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2654	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-2654	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-2781	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2238	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2585	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1516	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1515	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1942	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19352	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19352	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-2949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2949	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2239	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2767	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2816	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2778	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1514	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2767	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2236	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openjdk-8	Trust: 0.1

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 158101 // CNNVD: CNNVD-202004-843

SOURCES

db:	VULMON	id:	CVE-2020-2781
db:	JVNDB	id:	JVNDB-2020-004278
db:	PACKETSTORM	id:	158101
db:	PACKETSTORM	id:	157350
db:	PACKETSTORM	id:	157351
db:	PACKETSTORM	id:	157549
db:	PACKETSTORM	id:	157779
db:	PACKETSTORM	id:	157331
db:	PACKETSTORM	id:	157776
db:	PACKETSTORM	id:	168802
db:	CNNVD	id:	CNNVD-202004-843
db:	NVD	id:	CVE-2020-2781

LAST UPDATE DATE

2023-11-07T20:38:03.308000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-2781	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-004278	date:	2020-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-843	date:	2022-09-26T00:00:00
db:	NVD	id:	CVE-2020-2781	date:	2022-09-30T14:42:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-2781	date:	2020-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-004278	date:	2020-05-12T00:00:00
db:	PACKETSTORM	id:	158101	date:	2020-06-16T00:55:56
db:	PACKETSTORM	id:	157350	date:	2020-04-22T15:11:05
db:	PACKETSTORM	id:	157351	date:	2020-04-22T15:11:12
db:	PACKETSTORM	id:	157549	date:	2020-05-04T17:28:54
db:	PACKETSTORM	id:	157779	date:	2020-05-20T16:01:16
db:	PACKETSTORM	id:	157331	date:	2020-04-21T20:00:19
db:	PACKETSTORM	id:	157776	date:	2020-05-20T15:59:45
db:	PACKETSTORM	id:	168802	date:	2020-04-28T19:12:00
db:	CNNVD	id:	CNNVD-202004-843	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2020-2781	date:	2020-04-15T14:15:00