ID

VAR-202004-1071


CVE

CVE-2020-2781


TITLE

Vulnerability in JSSE of Oracle Java SE and Java SE Embedded

Trust: 0.8

sources: JVNDB: JVNDB-2020-004278

DESCRIPTION

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755).

Gentoo Linux Security Advisory GLSA 202006-22
https://security.gentoo.org/

Severity: Normal
Title: OpenJDK, IcedTea: Multiple vulnerabilities
Date: June 15, 2020
Bugs: #718720, #720690
ID: 202006-22

Synopsis
========

Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code.

Background
==========

OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/openjdk-bin < 8.252_p09 >= 8.252_p09
2 dev-java/openjdk-jre-bin < 8.252_p09 >= 8.252_p09
3 dev-java/icedtea-bin < 3.16.0 >= 3.16.0
-------------------------------------------------------------------
3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK and IcedTea. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.252_p09"

All OpenJDK JRE binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/openjdk-jre-bin-8.252_p09"

All IcedTea binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.16.0"

References
==========

[ 1 ] CVE-2020-2585 https://nvd.nist.gov/vuln/detail/CVE-2020-2585
[ 2 ] CVE-2020-2755 https://nvd.nist.gov/vuln/detail/CVE-2020-2755
[ 3 ] CVE-2020-2756 https://nvd.nist.gov/vuln/detail/CVE-2020-2756
[ 4 ] CVE-2020-2757 https://nvd.nist.gov/vuln/detail/CVE-2020-2757
[ 5 ] CVE-2020-2773 https://nvd.nist.gov/vuln/detail/CVE-2020-2773
[ 6 ] CVE-2020-2781 https://nvd.nist.gov/vuln/detail/CVE-2020-2781
[ 7 ] CVE-2020-2800 https://nvd.nist.gov/vuln/detail/CVE-2020-2800
[ 8 ] CVE-2020-2803 https://nvd.nist.gov/vuln/detail/CVE-2020-2803
[ 9 ] CVE-2020-2805 https://nvd.nist.gov/vuln/detail/CVE-2020-2805
[ 10 ] CVE-2020-2830 https://nvd.nist.gov/vuln/detail/CVE-2020-2830

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202006-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

8.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* operator-framework/presto: /etc/passwd was given incorrect privileges (CVE-2019-19352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.3, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.

Bugs fixed (https://bugzilla.redhat.com/):

1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges

5.

8) - aarch64, ppc64le, s390x, x86_64

3.

====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.7.1-ibm security update
Advisory ID: RHSA-2020:2236-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2236
Issue date: 2020-05-20
CVE Names: CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830
====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)
* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)
* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)
* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)
* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)
* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)
* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)
* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1791217 - CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)
1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)
1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)
1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)
1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)
1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-2654
https://access.redhat.com/security/cve/CVE-2020-2756
https://access.redhat.com/security/cve/CVE-2020-2757
https://access.redhat.com/security/cve/CVE-2020-2781
https://access.redhat.com/security/cve/CVE-2020-2800
https://access.redhat.com/security/cve/CVE-2020-2803
https://access.redhat.com/security/cve/CVE-2020-2805
https://access.redhat.com/security/cve/CVE-2020-2830
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

-------------------------------------------------------------------------
Debian Security Advisory DSA-4668-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.

For the oldstable distribution (stretch), these problems have been fixed in version 8u252-b09-1~deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Trust: 2.43

sources: NVD: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // VULMON: CVE-2020-2781 // PACKETSTORM: 158101 // PACKETSTORM: 157350 // PACKETSTORM: 157351 // PACKETSTORM: 157549 // PACKETSTORM: 157779 // PACKETSTORM: 157331 // PACKETSTORM: 157776 // PACKETSTORM: 168802

AFFECTED PRODUCTS

vendor: oracle | model: jdk | scope: eq | version: 11.0.6

Trust: 1.8

vendor: oracle | model: jre | scope: eq | version: 11.0.6

Trust: 1.8

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.0.0

Trust: 1.0

vendor: netapp | model: active iq unified manager | scope: gte | version: 7.3

Trust: 1.0

vendor: netapp | model: steelstore cloud integrated storage | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: e-series santricity os controller | scope: lte | version: 11.70.2

Trust: 1.0

vendor: oracle | model: openjdk | scope: eq | version: 8

Trust: 1.0

vendor: netapp | model: snapmanager | scope: eq | version: -

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.0

vendor: opensuse | model: leap | scope: eq | version: 15.2

Trust: 1.0

vendor: netapp | model: storagegrid | scope: lte | version: 9.0.4

Trust: 1.0

vendor: oracle | model: jdk | scope: eq | version: 14.0.0

Trust: 1.0

vendor: netapp | model: oncommand workflow automation | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: storagegrid | scope: gte | version: 9.0.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.0

vendor: oracle | model: jdk | scope: eq | version: 1.8.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.1.1

Trust: 1.0

vendor: netapp | model: oncommand insight | scope: eq | version: -

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 30

Trust: 1.0

vendor: oracle | model: openjdk | scope: lte | version: 13.0.2

Trust: 1.0

vendor: oracle | model: jdk | scope: eq | version: 1.7.0

Trust: 1.0

vendor: oracle | model: jre | scope: eq | version: 14.0.0

Trust: 1.0

vendor: oracle | model: openjdk | scope: gte | version: 13

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.3.1

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 31

Trust: 1.0

vendor: netapp | model: 7-mode transition tool | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: jre | scope: eq | version: 1.8.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 18.04

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.0.1

Trust: 1.0

vendor: netapp | model: e-series performance analyzer | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: jre | scope: eq | version: 1.7.0

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.2.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 19.10

Trust: 1.0

vendor: netapp | model: active iq unified manager | scope: gte | version: 9.5

Trust: 1.0

vendor: netapp | model: e-series santricity web services | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: santricity unified manager | scope: eq | version: -

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 16.04

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.1.0

Trust: 1.0

vendor: netapp | model: cloud secure agent | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: openjdk | scope: eq | version: 7

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 3.0.0

Trust: 1.0

vendor: opensuse | model: leap | scope: eq | version: 15.1

Trust: 1.0

vendor: mcafee | model: threat intelligence exchange server | scope: eq | version: 2.3.0

Trust: 1.0

vendor: oracle | model: openjdk | scope: lte | version: 11.0.6

Trust: 1.0

vendor: netapp | model: cloud backup | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: storagegrid | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: e-series santricity os controller | scope: gte | version: 11.0.0

Trust: 1.0

vendor: oracle | model: openjdk | scope: eq | version: 14

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 32

Trust: 1.0

vendor: oracle | model: openjdk | scope: gte | version: 11

Trust: 1.0

vendor: netapp | model: active iq unified manager | scope: - | version: -

Trust: 0.8

vendor: netapp | model: e-series santricity os controller | scope: - | version: -

Trust: 0.8

vendor: netapp | model: storagegrid webscale | scope: - | version: -

Trust: 0.8

vendor: netapp | model: snapmanager | scope: - | version: -

Trust: 0.8

vendor: oracle | model: jdk | scope: eq | version: 14

Trust: 0.8

vendor: oracle | model: jdk | scope: eq | version: 7 update 251

Trust: 0.8

vendor: oracle | model: jdk | scope: eq | version: 8 update 241

Trust: 0.8

vendor: oracle | model: jre | scope: eq | version: 14

Trust: 0.8

vendor: oracle | model: jre | scope: eq | version: 7 update 251

Trust: 0.8

vendor: oracle | model: jre | scope: eq | version: 8 update 241

Trust: 0.8

vendor: oracle | model: java se | scope: eq | version: embedded 8 update 241

Trust: 0.8

vendor: hitachi | model: application server | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: application server | scope: eq | version: for developers

Trust: 0.8

vendor: hitachi | model: automation director | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: compute systems manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: configuration manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: device manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: dynamic link manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: global link manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: infrastructure analytics advisor | scope: eq | version: (overseas sales only)

Trust: 0.8

vendor: hitachi | model: ops center analyzer | scope: eq | version: (overseas sales only)

Trust: 0.8

vendor: hitachi | model: ops center analyzer viewpoint | scope: eq | version: (overseas sales only)

Trust: 0.8

vendor: hitachi | model: ops center api configuration manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ops center automator | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ops center common services | scope: eq | version: (overseas sales only)

Trust: 0.8

vendor: hitachi | model: replication manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: tiered storage manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: tuning manager | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus application server | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus application server | scope: eq | version: (64)

Trust: 0.8

vendor: hitachi | model: ucosminexus client | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus developer | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus service architect | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus service platform | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus service platform | scope: eq | version: (64)

Trust: 0.8

sources: JVNDB: JVNDB-2020-004278 // NVD: CVE-2020-2781

CVSS

SEVERITY

NVD: CVE-2020-2781
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004278
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-843
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-2781
value: MEDIUM

Trust: 0.1

CVSSV2

NVD: CVE-2020-2781
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004278
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

NVD: CVE-2020-2781
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004278
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // CNNVD: CNNVD-202004-843 // NVD: CVE-2020-2781

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-2781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-843

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-843

CONFIGURATIONS

sources: NVD: CVE-2020-2781

PATCH

title: hitachi-sec-2020-108 | url: https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-108/index.html

Trust: 0.8

title: hitachi-sec-2020-111 | url: http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-111/index.html

Trust: 0.8

title: NTAP-20200416-0004 | url: https://security.netapp.com/advisory/ntap-20200416-0004/

Trust: 0.8

title: Oracle Critical Patch Update Advisory - April 2020 | url: https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - April 2020 Risk Matrices | url: https://www.oracle.com/security-alerts/cpuapr2020verbose.html

Trust: 0.8

title: hitachi-sec-2020-111 | url: http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-111/index.html

Trust: 0.8

title: hitachi-sec-2020-108 | url: https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-108/index.html

Trust: 0.8

title: Notice regarding vulnerabilities in the Oracle Corporation Java plug-in | url: http://www.fmworld.net/biz/common/oracle/20200416.html

Trust: 0.8

title: Oracle Java SE and Java SE Embedded Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=113967

Trust: 0.6

title: Red Hat: Important: java-1.7.1-ibm security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202238 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.7.0-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201508 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.7.1-ibm security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202236 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.7.0-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201507 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201515 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201506 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202239 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201512 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201516 - security advisory

Trust: 0.1

title: Red Hat: Important: java-11-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201514 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202241 - security advisory

Trust: 0.1

title: Red Hat: Important: java-1.8.0-ibm security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202237 - security advisory

Trust: 0.1

title: Red Hat: Important: java-11-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201517 - security advisory

Trust: 0.1

title: Red Hat: Important: java-11-openjdk security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201509 - security advisory

Trust: 0.1

title: Red Hat: Moderate: OpenShift Container Platform 4.4.3 presto-container security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201942 - security advisory

Trust: 0.1

title: Red Hat: Moderate: OpenShift Container Platform 4.4.3 hadoop-container security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201938 - security advisory

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Z Development and Test Environment – April 2020 | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=34684cce4ea4ca724278f61f0e9e4d2b

Trust: 0.1

title: Debian Security Advisories: DSA-4668-1 openjdk-8 -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d7cce1580c49512354cd13b73064c4ab

Trust: 0.1

title: Ubuntu Security Notice: openjdk-8, openjdk-lts vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-4337-1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1365 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2020-1365

Trust: 0.1

title: Amazon Linux AMI: ALAS-2023-1809 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2023-1809

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1424 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1424

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1421 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1421

Trust: 0.1

title: Debian Security Advisories: DSA-4662-1 openjdk-11 -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fcc7953c1496c4d2bf29bdda0aeb34d3

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1) | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1410 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1410

Trust: 0.1

title: Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center | url: https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-111

Trust: 0.1

title: Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus | url: https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-108

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Server | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=04093f22959e96a7bb3ed8715aa18c0e

Trust: 0.1

title: IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6

Trust: 0.1

title: - | url: https://github.com/live-hack-cve/cve-2020-2781

Trust: 0.1

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // CNNVD: CNNVD-202004-843

EXTERNAL IDS

db: NVD, id: CVE-2020-2781

Trust: 3.3

db: MCAFEE, id: SB10318

Trust: 1.7

db: JVNDB, id: JVNDB-2020-004278

Trust: 0.8

db: PACKETSTORM, id: 158101

Trust: 0.7

db: PACKETSTORM, id: 157351

Trust: 0.7

db: PACKETSTORM, id: 157331

Trust: 0.7

db: AUSCERT, id: ESB-2020.1730

Trust: 0.6

db: AUSCERT, id: ESB-2020.1797

Trust: 0.6

db: AUSCERT, id: ESB-2020.2622

Trust: 0.6

db: AUSCERT, id: ESB-2020.1414

Trust: 0.6

db: AUSCERT, id: ESB-2020.1582

Trust: 0.6

db: AUSCERT, id: ESB-2020.4416

Trust: 0.6

db: AUSCERT, id: ESB-2020.2646

Trust: 0.6

db: AUSCERT, id: ESB-2020.1628

Trust: 0.6

db: AUSCERT, id: ESB-2020.1468

Trust: 0.6

db: AUSCERT, id: ESB-2020.1439

Trust: 0.6

db: AUSCERT, id: ESB-2020.2738

Trust: 0.6

db: AUSCERT, id: ESB-2020.2300

Trust: 0.6

db: AUSCERT, id: ESB-2020.1401

Trust: 0.6

db: AUSCERT, id: ESB-2020.3108

Trust: 0.6

db: AUSCERT, id: ESB-2020.2113

Trust: 0.6

db: AUSCERT, id: ESB-2020.1984

Trust: 0.6

db: AUSCERT, id: ESB-2020.1746

Trust: 0.6

db: PACKETSTORM, id: 157782

Trust: 0.6

db: PACKETSTORM, id: 157550

Trust: 0.6

db: PACKETSTORM, id: 157363

Trust: 0.6

db: NSFOCUS, id: 47993

Trust: 0.6

db: CNNVD, id: CNNVD-202004-843

Trust: 0.6

db: VULMON, id: CVE-2020-2781

Trust: 0.1

db: PACKETSTORM, id: 157350

Trust: 0.1

db: PACKETSTORM, id: 157549

Trust: 0.1

db: PACKETSTORM, id: 157779

Trust: 0.1

db: PACKETSTORM, id: 157776

Trust: 0.1

db: PACKETSTORM, id: 168802

Trust: 0.1

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // PACKETSTORM: 158101 // PACKETSTORM: 157350 // PACKETSTORM: 157351 // PACKETSTORM: 157549 // PACKETSTORM: 157779 // PACKETSTORM: 157331 // PACKETSTORM: 157776 // PACKETSTORM: 168802 // CNNVD: CNNVD-202004-843 // NVD: CVE-2020-2781

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-2781

Trust: 2.2

url:https://usn.ubuntu.com/4337-1/

Trust: 1.8

url:https://security.gentoo.org/glsa/202006-22

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200416-0004/

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4662

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4668

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7vhc4ew36kzeidq56rpcwbzcqelffkn/

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckav6kffaeanxan73aftgu7z6ynrwcxq/

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyhhhzrhxcbgrhge5up7ueb4iz2qx536/

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10318

Trust: 1.7

url:https://security.gentoo.org/glsa/202209-15

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-2781

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-2781

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20200415-jre.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2020/at200017.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-2757

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-2756

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-2803

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-2805

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-2800

Trust: 0.8

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-z-development-and-test-environment-april-2020/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-2830

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-2755

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-2773

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2757

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-2754

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2805

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2830

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2800

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2756

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2803

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-websphere-mq-internet-pass-thru-april-2020-includes-oracle-april-2020-cpu-cve-2020-2781/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1401/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-java-se-vulnerability-affects-ibm-control-center-cve-2020-2781/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1582/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-sb0003748/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-java/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-rational-build-forge/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-cve-2020-2654-cve-2020-2781-cve-2020-2800/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2300/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-8/

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-java-openjdk-vulnerabilities-of-april-2020-32028

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affects-liberty-for-java-for-ibm-cloud/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47993

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1468/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3108/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-planning-q12021/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-java-vulnerabilities/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-service-is-impacted-by-security-vulnerabilities-in-openjdk-11/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-and-apache-tomcat-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-v9000-products/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2113/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-apr-2020/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-sterling-secure-proxy-cve-2020-2781/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2622/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2646/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2020-cpu-plus-deferred-cve-2019-2949-and-cve-2020-2654/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-connectdirect-web-services/

Trust: 0.6

url:https://packetstormsecurity.com/files/157782/red-hat-security-advisory-2020-2241-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-4/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1439/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-affects-ibm-cloud-application-business-insights/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/

Trust: 0.6

url:https://packetstormsecurity.com/files/158101/gentoo-linux-security-advisory-202006-22.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-april-2020-critical-patch-update-for-java/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-7/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-unix-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4416/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-october-2019-january-2020-and-april-2020-cpus/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2738/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1746/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1730/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1984/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affects-ibm-mq/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1414/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/

Trust: 0.6

url:https://packetstormsecurity.com/files/157351/red-hat-security-advisory-2020-1515-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-primary-tabs/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-the-ibm-flashsystem-models-840-and-900/

Trust: 0.6

url:https://packetstormsecurity.com/files/157331/red-hat-security-advisory-2020-1514-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157550/red-hat-security-advisory-2020-1938-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerabilities-affect-the-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-microsoft-windows-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-storediq-instascan/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1628/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1797/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-5/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite/

Trust: 0.6

url:https://packetstormsecurity.com/files/157363/ubuntu-security-notice-usn-4337-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-sb003732/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-2754

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-2755

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-2773

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-2654

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2654

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2020-2781

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2238

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2585

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1516

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19352

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19352

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.4/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2949

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2239

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2767

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2778

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1514

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2816

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2767

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2236

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openjdk-8

Trust: 0.1

sources: VULMON: CVE-2020-2781 // JVNDB: JVNDB-2020-004278 // PACKETSTORM: 158101 // PACKETSTORM: 157350 // PACKETSTORM: 157351 // PACKETSTORM: 157549 // PACKETSTORM: 157779 // PACKETSTORM: 157331 // PACKETSTORM: 157776 // PACKETSTORM: 168802 // CNNVD: CNNVD-202004-843 // NVD: CVE-2020-2781

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 158101 // CNNVD: CNNVD-202004-843

SOURCES

db: VULMON, id: CVE-2020-2781
db: JVNDB, id: JVNDB-2020-004278
db: PACKETSTORM, id: 158101
db: PACKETSTORM, id: 157350
db: PACKETSTORM, id: 157351
db: PACKETSTORM, id: 157549
db: PACKETSTORM, id: 157779
db: PACKETSTORM, id: 157331
db: PACKETSTORM, id: 157776
db: PACKETSTORM, id: 168802
db: CNNVD, id: CNNVD-202004-843
db: NVD, id: CVE-2020-2781

LAST UPDATE DATE

2023-11-07T20:38:03.308000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-2781, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2020-004278, date: 2020-06-22T00:00:00
db: CNNVD, id: CNNVD-202004-843, date: 2022-09-26T00:00:00
db: NVD, id: CVE-2020-2781, date: 2022-09-30T14:42:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-2781, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004278, date: 2020-05-12T00:00:00
db: PACKETSTORM, id: 158101, date: 2020-06-16T00:55:56
db: PACKETSTORM, id: 157350, date: 2020-04-22T15:11:05
db: PACKETSTORM, id: 157351, date: 2020-04-22T15:11:12
db: PACKETSTORM, id: 157549, date: 2020-05-04T17:28:54
db: PACKETSTORM, id: 157779, date: 2020-05-20T16:01:16
db: PACKETSTORM, id: 157331, date: 2020-04-21T20:00:19
db: PACKETSTORM, id: 157776, date: 2020-05-20T15:59:45
db: PACKETSTORM, id: 168802, date: 2020-04-28T19:12:00
db: CNNVD, id: CNNVD-202004-843, date: 2020-04-14T00:00:00
db: NVD, id: CVE-2020-2781, date: 2020-04-15T14:15:00