{"id":"CVE-2020-2601","details":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).","modified":"2026-04-10T04:25:19.423068Z","published":"2020-01-15T17:15:20.300Z","related":["CGA-24hg-25gp-62qx","MGASA-2020-0069","SUSE-SU-2020:0140-1","SUSE-SU-2020:0213-1","SUSE-SU-2020:0231-1","SUSE-SU-2020:0261-1","SUSE-SU-2020:0628-1","openSUSE-SU-2020:0113-1","openSUSE-SU-2020:0147-1","openSUSE-SU-2024:10871-1","openSUSE-SU-2024:10872-1","openSUSE-SU-2024:10876-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0122"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0128"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0157"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0202"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0541"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200122-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4257-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4621"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0196"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-19"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0231"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0232"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0632"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4605"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2020/Feb/22"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2020/Jan/24"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openjdk/jdk","events":[{"introduced":"0"},{"last_affected":"d5b466657e29a5338b84fa9acfc1b76bf8c39d61"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"19.10"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk15u","events":[{"introduced":"0"},{"last_affected":"13ad3ed8b99f8c872eebb5d0bb647d5bb44ea0b5"},{"introduced":"0"},{"last_affected":"1408dbfdbe550dcdea4cb9a849fab6cb371ded18"},{"introduced":"0"},{"last_affected":"e9a2e84e45e1120aa306a01dfb087200f6a7f903"},{"introduced":"0"},{"last_affected":"d38a1f186d640dede9fccb727ec98db3a413f9d8"},{"introduced":"0"},{"last_affected":"0d3829a2c5a70961ffc539865adc1442c1a30bb1"},{"introduced":"0"},{"last_affected":"880e09412543af479bc335faeda6196489a2a045"},{"introduced":"0"},{"last_affected":"34063e3656db6d0cadb9168f37024e6e66fc2372"},{"introduced":"0"},{"last_affected":"81ecd2932e0caee8ed01955fccc9e958c6a5cda3"},{"introduced":"0"},{"last_affected":"8261ee6da3c5843806c20808cc4206c73bb0efac"},{"introduced":"0"},{"last_affected":"22e500e3a917594cd93baaf8b5c7d29360d250d1"},{"introduced":"0"},{"last_affected":"a9a271179d2a7952154b7509a999b100cc98b13c"},{"introduced":"0"},{"last_affected":"d5914f18390f71c9bdc333f66cbee6164eb7f857"},{"introduced":"0"},{"last_affected":"62007a12b80f381c687f60825b20fe0bbeeb5eaa"},{"introduced":"0"},{"last_affected":"74882b0d0dbe23ee43b60ff4d5b2ede8a0ad4679"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7-update80"},{"introduced":"0"},{"last_affected":"7-update85"},{"introduced":"0"},{"last_affected":"8-update102"},{"introduced":"0"},{"last_affected":"8-update112"},{"introduced":"0"},{"last_affected":"8-update20"},{"introduced":"0"},{"last_affected":"8-update40"},{"introduced":"0"},{"last_affected":"8-update60"},{"introduced":"0"},{"last_affected":"8-update66"},{"introduced":"0"},{"last_affected":"8-update72"},{"introduced":"0"},{"last_affected":"8-update92"},{"introduced":"0"},{"last_affected":"11"},{"introduced":"0"},{"last_affected":"13"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"15.1"}]}}],"versions":["jdk-10+0","jdk-10+20","jdk-10+21","jdk-10+22","jdk-10+23","jdk-10+24","jdk-11+0","jdk-12+0","jdk-13+25","jdk-13+26","jdk-13+27","jdk-13+30","jdk-13+31","jdk-13+32","jdk-13+33","jdk-13-ga","jdk-14+0","jdk-15+0","jdk-15+1","jdk-15+2","jdk-15+3","jdk-15+4","jdk-15+6","jdk-16+14","jdk-16+15","jdk-16+16","jdk-16+17","jdk-16+18","jdk-16+19","jdk-16+20","jdk-16+21","jdk-16+22","jdk-16+23","jdk-16+24","jdk-16+25","jdk-16+26","jdk-16+27","jdk-16+28","jdk-17+0","jdk-17+1","jdk-17+10","jdk-17+11","jdk-17+12","jdk-17+13","jdk-17+14","jdk-17+15","jdk-17+16","jdk-17+17","jdk-17+18","jdk-17+19","jdk-17+2","jdk-17+20","jdk-17+21","jdk-17+22","jdk-17+23","jdk-17+24","jdk-17+25","jdk-17+26","jdk-17+3","jdk-17+4","jdk-17+5","jdk-17+6","jdk-17+7","jdk-17+8","jdk-17+9","jdk-18+0","jdk-18+1","jdk-18+10","jdk-18+11","jdk-18+12","jdk-18+13","jdk-18+14","jdk-18+15","jdk-18+16","jdk-18+17","jdk-18+18","jdk-18+19","jdk-18+2","jdk-18+20","jdk-18+21","jdk-18+22","jdk-18+23","jdk-18+24","jdk-18+25","jdk-18+26","jdk-18+27","jdk-18+3","jdk-18+4","jdk-18+5","jdk-18+6","jdk-18+7","jdk-18+8","jdk-18+9","jdk-19+0","jdk-19+1","jdk-19+10","jdk-19+2","jdk-19+3","jdk-19+4","jdk-19+5","jdk-19+6","jdk-19+7","jdk-19+8","jdk-19+9","jdk-9+100","jdk-9+101","jdk-9+102","jdk-9+103","jdk-9+104","jdk-9+105","jdk-9+106","jdk-9+107","jdk-9+108","jdk-9+109","jdk-9+110","jdk-9+111","jdk-9+112","jdk-9+113","jdk-9+114","jdk-9+115","jdk-9+116","jdk-9+117","jdk-9+118","jdk-9+119","jdk-9+120","jdk-9+121","jdk-9+122","jdk-9+123","jdk-9+124","jdk-9+127","jdk-9+128","jdk-9+129","jdk-9+130","jdk-9+131","jdk-9+132","jdk-9+133","jdk-9+134","jdk-9+135","jdk-9+136","jdk-9+137","jdk-9+138","jdk-9+139","jdk-9+140","jdk-9+141","jdk-9+142","jdk-9+143","jdk-9+144","jdk-9+145","jdk-9+146","jdk-9+147","jdk-9+148","jdk-9+149","jdk-9+150","jdk-9+151","jdk-9+152","jdk-9+153","jdk-9+154","jdk-9+155","jdk-9+156","jdk-9+95","jdk-9+96","jdk-9+97","jdk-9+98","jdk-9+99","jdk7-b100","jdk7-b101","jdk7-b102","jdk7-b103","jdk7-b104","jdk7-b105","jdk7-b106","jdk7-b107","jdk7-b108","jdk7-b120","jdk7-b121","jdk7-b122","jdk7-b123","jdk7-b124","jdk7-b125","jdk7-b126","jdk7-b127","jdk7-b128","jdk7-b129","jdk7-b130","jdk7-b131","jdk7-b132","jdk7-b133","jdk7-b134","jdk7-b135","jdk7-b136","jdk7-b137","jdk7-b138","jdk7-b139","jdk7-b140","jdk7-b141","jdk7-b143","jdk7-b24","jdk7-b25","jdk7-b26","jdk7-b27","jdk7-b28","jdk7-b31","jdk7-b32","jdk7-b33","jdk7-b34","jdk7-b35","jdk7-b36","jdk7-b38","jdk7-b39","jdk7-b40","jdk7-b41","jdk7-b44","jdk7-b45","jdk7-b46","jdk7-b48","jdk7-b49","jdk7-b50","jdk7-b51","jdk7-b53","jdk7-b54","jdk7-b55","jdk7-b56","jdk7-b60","jdk7-b61","jdk7-b62","jdk7-b63","jdk7-b64","jdk7-b65","jdk7-b66","jdk7-b68","jdk7-b70","jdk7-b71","jdk7-b72","jdk7-b73","jdk7-b74","jdk7-b75","jdk7-b76","jdk7-b77","jdk7-b78","jdk7-b79","jdk7-b80","jdk7-b81","jdk7-b82","jdk7-b83","jdk7-b84","jdk7-b85","jdk7-b86","jdk7-b87","jdk7-b88","jdk7-b89","jdk7-b90","jdk7-b91","jdk7-b92","jdk7-b93","jdk7-b94","jdk7-b95","jdk7-b96","jdk7-b97","jdk7-b98","jdk7-b99","jdk8-b01","jdk8-b102","jdk8-b103","jdk8-b104","jdk8-b105","jdk8-b106","jdk8-b107","jdk8-b108","jdk8-b109","jdk8-b110","jdk8-b111","jdk8-b112","jdk8-b119","jdk8-b120","jdk8-b15","jdk8-b16","jdk8-b18","jdk8-b19","jdk8-b20","jdk8-b21","jdk8-b22","jdk8-b23","jdk8-b24","jdk8-b25","jdk8-b26","jdk8-b27","jdk8-b28","jdk8-b29","jdk8-b30","jdk8-b31","jdk8-b32","jdk8-b33","jdk8-b34","jdk8-b35","jdk8-b36","jdk8-b37","jdk8-b38","jdk8-b39","jdk8-b40","jdk8-b41","jdk8-b42","jdk8-b43","jdk8-b44","jdk8-b45","jdk8-b46","jdk8-b49","jdk8-b50","jdk8-b52","jdk8-b53","jdk8-b54","jdk8-b55","jdk8-b56","jdk8-b57","jdk8-b58","jdk8-b59","jdk8-b60","jdk8-b61","jdk8-b62","jdk8-b63","jdk8-b64","jdk8-b65","jdk8-b66","jdk8-b67","jdk8-b68","jdk8-b69","jdk8-b70","jdk8-b71","jdk8-b72","jdk8-b73","jdk8-b74","jdk8-b78","jdk8-b79","jdk8-b80","jdk8-b81","jdk8-b82","jdk8-b83","jdk8-b84","jdk8-b85","jdk8-b86","jdk8-b87","jdk8-b88","jdk8-b89","jdk8-b90","jdk8-b91","jdk8-b92","jdk9-b00","jdk9-b01","jdk9-b04","jdk9-b05","jdk9-b06","jdk9-b07","jdk9-b08","jdk9-b10","jdk9-b11","jdk9-b12","jdk9-b13","jdk9-b14","jdk9-b15","jdk9-b16","jdk9-b17","jdk9-b18","jdk9-b19","jdk9-b20","jdk9-b21","jdk9-b23","jdk9-b24","jdk9-b25","jdk9-b26","jdk9-b27","jdk9-b30","jdk9-b31","jdk9-b32","jdk9-b33","jdk9-b34","jdk9-b35","jdk9-b36","jdk9-b37","jdk9-b38","jdk9-b39","jdk9-b40","jdk9-b41","jdk9-b42","jdk9-b43","jdk9-b44","jdk9-b45","jdk9-b46","jdk9-b47","jdk9-b48","jdk9-b49","jdk9-b50","jdk9-b51","jdk9-b52","jdk9-b53","jdk9-b54","jdk9-b55","jdk9-b56","jdk9-b57","jdk9-b58","jdk9-b59","jdk9-b60","jdk9-b61","jdk9-b62","jdk9-b63","jdk9-b64","jdk9-b65","jdk9-b66","jdk9-b67","jdk9-b68","jdk9-b69","jdk9-b70","jdk9-b71","jdk9-b72","jdk9-b73","jdk9-b74","jdk9-b75","jdk9-b76","jdk9-b77","jdk9-b78","jdk9-b79","jdk9-b80","jdk9-b81","jdk9-b82","jdk9-b83","jdk9-b84","jdk9-b85","jdk9-b86","jdk9-b87","jdk9-b88","jdk9-b89","jdk9-b90","jdk9-b91","jdk9-b92","jdk9-b94"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2601.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update241"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update231"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"13.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update_241"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update_231"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"13.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"7-update241"}]},{"events":[{"introduced":"0"},{"last_affected":"8-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update152"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update162"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update172"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update192"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update202"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update212"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update222"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update232"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"13.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"7.3"}]},{"events":[{"introduced":"9.5"}]},{"events":[{"introduced":"11.0.0"},{"last_affected":"11.60.3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}]}