Last Updated on 22/May/2020
KB#: 000016575
Description
Oracle has announced that multiple critical vulnerabilities (CVE-2020-2803, CVE-2020-2805, CVE-2019-18197, CVE-2020-2816) exist in the following Oracle Java SE versions:
- Oracle Java SE 11.0.6
- Oracle Java SE 8 Update 241
- Oracle Java SE Embedded 8 Update 241
- Oracle Java SE 7 Update 251
For more details, please refer to the following articles:
- CVE Page (CVE-2020-2803 etc.)
- Oracle Critical Patch Update Advisory - April 2020
Potential Impact
SVF and SPA Products:
The following products and versions may be affected by CVE-2020-2816.

| Product Name | Version |
|---|---|
| SVF Web Designer | 10.0 |
| Report Director Enterprise | 9.0 to 10.0 |
| SVF Connect for Java API | 9.1 to 10.0 |

Dr. Sum Products:
Dr. Sum, Dr. Sum EA, Datalizer and TextOLAP are not affected by the vulnerabilities with a CVSS severity rating of 7.0 (high) or higher.
MotionBoard Products:
The following products and versions may be affected by CVE-2020-2816.

| Product Name | Version |
|---|---|
| MotionBoard | 4.1 to 6.0 |

Solution
For SVF and SPA
Oracle no longer provides public patch updates for Java 7 (a paid support contract is required to obtain an update module for Java 8). We recommend that you apply the latest Service Pack for SVF and SPA products, which supports Java 11, and use OpenJDK 11.0.7. Please contact us for more details.
For MotionBoard
We are planning to update the version of AdoptOpenJDK to 11.0.7 or later in MotionBoard 6.1. (AdoptOpenJDK 11.0.6 is used for the initial version, which is released on 1/June/2020.)