Modification of Assumed-Immutable Data (MAID) in openjdk-jre

Do your applications use this vulnerable package? Test your applications

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Modification of Assumed-Immutable Data (MAID) via serialization filter changes via jdk.serialFilter property modification.

Remediation

Upgrade openjdk-jre to version 7.0.251, 8.0.241, 11.0.6, 13.0.2 or higher.

References

Oracle Security Advisory
RedHat Bugzilla Bug

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Credit: Unknown
CVE: CVE-2020-2604
CWE: CWE-471
Snyk ID: SNYK-UPSTREAM-OPENJDKJRE-541979
Disclosed: 14 Jan, 2020
Published: 16 Jan, 2020

Modification of Assumed-Immutable Data (MAID)
Affecting openjdk-jre package, versions [1.7.0, 1.7.0_251) || [1.8.0, 1.8.0_241) || [11.0.0, 11.0.6) || [13.0.0, 13.0.2)

Overview

Remediation

References

CVSS Score

Modification of Assumed-Immutable Data (MAID) Affecting openjdk-jre package, versions [1.7.0, 1.7.0_251) || [1.8.0, 1.8.0_241) || [11.0.0, 11.0.6) || [13.0.0, 13.0.2)

Overview

Remediation

References

Modification of Assumed-Immutable Data (MAID)
Affecting openjdk-jre package, versions [1.7.0, 1.7.0_251) || [1.8.0, 1.8.0_241) || [11.0.0, 11.0.6) || [13.0.0, 13.0.2)