You are here

Oracle CPU October 2020 - Airlock Gateway and IAM

IDs: 
CVE-2020-13943, CVE-2020-14792, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797, CVE-2020-14779, CVE-2020-14796, CVE-2020-14798
Keywords: 
java, cpu, Oracle Critical Patch Update
Description: 

The Oracle Critical Patch Update for October 2020 includes updates for Java SE [1] that fix 8 Java SE vulnerabilities.

Airlock Gateway uses Java in the Configuration Center and in several add-on modules.

Airlock Login/IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No action required for Airlock Gateway and Login/IAM.

Details:

CVE-2020-13943, CVE-2020-14792, CVE-2020-14779
Does not affect Java deployments that load and run only trusted code.

CVE-2020-14781, CVE-2020-14782, CVE-2020-14798, CVE-2020-14796, CVE-2020-14797
Airlock Gateway and Airlock IAM do either not use the feature or use it only with trusted or validated input.

Resolution: 

General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required