CVE-2020-14718

HIGH

Oracle GraalVM Enterprise Edition 19.3.2 and 20.1.0 - Remote Code Execution

Title source: llm
STIX 2.1

Description

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

References (1)

Core 1
Core References

Scores

CVSS v3 7.2
EPSS 0.0149
EPSS Percentile 71.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (2)
oracle/graalvm 19.3.2
oracle/graalvm 20.1.0
Published Jul 15, 2020
Tracked Since Feb 18, 2026