Common Vulnerabilities and Exposures Fixes
Azul Prime 21.02.0.0 is based on Azul Prime 21.01.0.0 that contains no JDK Common Vulnerabilities and Exposure (CVE) fixes as there are no CVE fixes in the January 2021 CPU release of OpenJDK 7u291, OpenJDK 8u281, OpenJDK 11.0.9.1.101, and OpenJDK 13.0.5.1.101.
January 2021 CVE Fix
CVSS VERSION 3.0 RISK
| CVE # | Component | Protocol | Remote Exploit without Auth. | Base Score | Attack Vector | Attack Complex | Privs Req’d | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Azul Prime Versions Affected | Note |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14803 |
Libraries |
Multiple |
Yes |
5.3 |
Network |
L |
N |
N |
U |
L |
N |
N |
N/A* |
1 |
-
Fixed in the October 2020 CPU release of Azul Prime. See October 2020 Common Vulnerabilities and Exposures Fixes for details.
Base and Impact Metric:
| Metrics | Values |
|---|---|
Attack Vector |
Network (N), Adjacent (A), Local (L), and Physical (P) |
Attack Complexity |
Low (L) and High (H) |
Privileges Required |
None (N), Low (L), and High (H) |
User Interaction |
None (N) and Required ® |
Scope |
Unchanged (U) and Changed © |
Confidentiality Impact |
High (H), Low (L), and None (N) |
Integrity Impact |
High (H), Low (L), and None (N) |
Availability Impact |
High (H), Low (L), and None (N) |
|
Note
|
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
In-Depth Non-CVE Security Fixes
The following table lists an in-depth non-CVE security fix implemented specifically for Azul Prime.
January 2021 Non-CVE Security Fix
| Patch ID in OpenJDK Bug DB | JDK Levels Applicable in Azul Prime | Synopsis | Java Update Type |
|---|---|---|---|
15, 13, 11, 8, 7 |
Improve Direct Buffering of Characters |
CPU |