CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
ibmjava_sdk
6.0.0.0 ≤
𝑥
< 6.0.16.20
ibmjava_sdk
6.1.0.0 ≤
𝑥
< 6.1.8.20
ibmjava_sdk
7.0.0.0 ≤
𝑥
< 7.0.9.30
ibmjava_sdk
7.1.0.0 ≤
𝑥
< 7.1.3.30
ibmwebsphere_application_server
𝑥
≤ 3.0.9.20
redhatsatellite
5.6
redhatsatellite
5.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
http://www-01.ibm.com/support/docview.wss?uid=swg21974194
http://www.securityfocus.com/bid/82451
https://access.redhat.com/errata/RHSA-2016:1430
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
http://www-01.ibm.com/support/docview.wss?uid=swg21974194
http://www.securityfocus.com/bid/82451
https://access.redhat.com/errata/RHSA-2016:1430