#VU25088 Improper input validation


Published: 2020-02-10

Vulnerability identifier: #VU25088

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-2601

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Security component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation
Install updates from vendor's website.

External links
http://www.oracle.com/security-alerts/cpujan2020.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper input validation in IBM CICS TX on Cloud
IBM Tivoli Monitoring update for IBM Java SDK
Multiple vulnerabilities in Dell EMC Data Protection Search
Multiple vulnerabilities in Dell EMC Secure Remote Services (SRS) Virtual Edition
Multiple vulnerabilities in Dell EMC ECS
Gentoo update for OpenJDK
Multiple vulnerabilities in Juniper Junos Space
Red Hat Enterprise Linux 7 Supplementary update for java-1.8.0-ibm
IBM VIOS update for Java SDK
IBM AIX update for Java SDK