CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
ibmjava_sdk
6.0.0.0 ≤
𝑥
< 6.0.16.20
ibmjava_sdk
6.1.0.0 ≤
𝑥
< 6.1.8.20
ibmjava_sdk
7.0.0.0 ≤
𝑥
< 7.0.9.30
ibmjava_sdk
7.1.0.0 ≤
𝑥
< 7.1.3.30
ibmwebsphere_application_server
𝑥
≤ 3.0.9.20
redhatsatellite
5.6
redhatsatellite
5.7
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
java-1.6.0-ibm
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.6.0-ibm-demo
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.6.0-ibm-devel
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.6.0-ibm-javacomm
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.6.0-ibm-jdbc
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.6.0-ibm-plugin
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.6.0-ibm-src
RHEL 6
1:1.6.0.16.20-1jpp.1.el6_7
fixed
java-1.7.1-ibm
RHEL 6
1:1.7.1.3.30-1jpp.2.el6_7
fixed
RHEL 7
1:1.7.1.3.30-1jpp.1.el7
fixed
java-1.7.1-ibm-demo
RHEL 6
1:1.7.1.3.30-1jpp.2.el6_7
fixed
RHEL 7
1:1.7.1.3.30-1jpp.1.el7
fixed
java-1.7.1-ibm-devel
RHEL 6
1:1.7.1.3.30-1jpp.2.el6_7
fixed
RHEL 7
1:1.7.1.3.30-1jpp.1.el7
fixed
java-1.7.1-ibm-jdbc
RHEL 6
1:1.7.1.3.30-1jpp.2.el6_7
fixed
RHEL 7
1:1.7.1.3.30-1jpp.1.el7
fixed
java-1.7.1-ibm-plugin
RHEL 6
1:1.7.1.3.30-1jpp.2.el6_7
fixed
RHEL 7
1:1.7.1.3.30-1jpp.1.el7
fixed
java-1.7.1-ibm-src
RHEL 6
1:1.7.1.3.30-1jpp.2.el6_7
fixed
RHEL 7
1:1.7.1.3.30-1jpp.1.el7
fixed
java-1.8.0-ibm
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-demo
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-devel
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-jdbc
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-plugin
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-src
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
http://www-01.ibm.com/support/docview.wss?uid=swg21974194
http://www.securityfocus.com/bid/82451
https://access.redhat.com/errata/RHSA-2016:1430
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
http://www-01.ibm.com/support/docview.wss?uid=swg21974194
http://www.securityfocus.com/bid/82451
https://access.redhat.com/errata/RHSA-2016:1430