How severe is CVE-2020-2757?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2020-2757?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2020-2757 - LOW Severity | CVSS 3.7

Vulnerability Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Related Vulnerabilities

CVE-2020-2756

LOW

CVSS:3.7(Low)

CWE-5022020

CVE-2024-21217

LOW

CVSS:3.7(Low)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Jav...

CWE-5022024

CVE-2023-26592

LOW

CVSS:3.8(Low)

Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.

CWE-5022023

CVE-2024-34274

LOW

CVSS:3.9(Low)

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbi...

CWE-5022024

CVE-2025-30012

LOW

CVSS:3.9(Low)

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. ...

CWE-5022025

CVE-2023-35814

LOW

CVSS:3.5(Low)

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.

CWE-5022023