CVE-2015-0192

Advisory lineage Upstream: 0 Downstream: 8

Downstream

RHSA-2015:1006 RHSA-2015:1007 RHSA-2015:1020 RHSA-2015:1021 RHSA-2015:1091 SUSE-SU-2015:1073-1

Modified

Published: 02 Jul 2015, 21:16

Last modified:27 May 2026, 16:05

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

2.5% LOW

2% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Jul 2015, 21:16

Published

Vulnerability first disclosed

27 May 2026, 16:05

Last Modified

Vulnerability information updated

Description

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

CVSS Metrics

v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 2.50%• Percentile: 86%

Techniques & Countermeasures

CWE-269•Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Systems

ibm•java
≥ 5.0.0.0, < 5.0.16.10 | ≥ 6.0.0.0, ≤ 6.0.16.4 | ≥ 6.1.0.0, < 6.1.8.4 | ≥ 7.0.0.0, ≤ 7.0.9 | ≥ 7.1.0.0, < 7.1.2.11 | ≥ 8.0, < 8.0.1.0
redhat•enterprise_linux_desktop
5.0 | 6.0 | 7.0
redhat•enterprise_linux_server
5.0 | 6.0 | 7.0
redhat•enterprise_linux_server_aus
6.6
redhat•enterprise_linux_server_eus
6.6 | 7.1 | 7.2 | 7.3 | 7.4 | 7.5
redhat•enterprise_linux_workstation
5.0 | 6.0 | 7.0
suse•linux_enterprise_server
10:sp4 | 11:sp1 | 11:sp2 | 12
suse•linux_enterprise_software_development_kit
12