CVE-2015-5041

Advisory lineage Upstream: 0 Downstream: 13

Downstream

RHSA-2016:0098 RHSA-2016:0099 RHSA-2016:0100 RHSA-2016:0101 RHSA-2016:1430 SUSE-SU-2016:0390-1

Modified

Published: 06 Jun 2016, 17:00

Last modified:06 Aug 2024, 06:32

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.1 CRITICAL

v3.0 (nvd)

EPSS Score

0.89% LOW

1% probability -0.11%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Jun 2016, 17:00

Published

Vulnerability first disclosed

06 Aug 2024, 06:32

Last Modified

Vulnerability information updated

Description

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

CVSS Metrics

v3.0•CRITICAL•Score: 9.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.89%• Percentile: 76%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

ibm•java_sdk
≥ 6.0.0.0, < 6.0.16.20 | ≥ 6.1.0.0, < 6.1.8.20 | ≥ 7.0.0.0, < 7.0.9.30 | ≥ 7.1.0.0, < 7.1.3.30
ibm•websphere_application_server
≤ 3.0.9.20
redhat•satellite
5.6 | 5.7
suse•linux_enterprise_server
11:sp2 | 11:sp4 | 12:sp1
suse•linux_enterprise_software_development_kit
11:sp4 | 12 | 12:sp1
suse•suse_linux_enterprise_server
12