CVE-2015-7940 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Affected Products (NVD)

Vendor	Product	Version
opensuse	leap	42.1
opensuse	opensuse	13.1
opensuse	opensuse	13.2
bouncycastle	bouncy_castle_crypto_package	𝑥 ≤ 1.50
oracle	application_testing_suite	12.5.0.1
oracle	application_testing_suite	12.5.0.2
oracle	application_testing_suite	12.5.0.3
oracle	enterprise_manager_ops_center	12.1.4
oracle	enterprise_manager_ops_center	12.2.2
oracle	peoplesoft_enterprise_peopletools	8.54
oracle	peoplesoft_enterprise_peopletools	8.55
oracle	virtual_desktop_infrastructure	3.5.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

bouncycastle

bookworm	1.72-2 fixed
bullseye	1.68-2 fixed
sid	1.77-1 fixed
trixie	1.77-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

bouncycastle

artful	not-affected
bionic	not-affected
precise	ignored
trusty	Fixed 1.49+dfsg-2ubuntu0.1 released
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	ignored
zesty	ignored

openSUSE / SLES Releases

openSUSE Product

Release

bouncycastle

suse enterprise desktop 15 SP2	1.64-1.63 fixed
suse enterprise desktop 15 SP3	1.64-1.63 fixed
suse enterprise desktop 15 SP4	1.64-3.3.1 fixed
suse enterprise desktop 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise desktop 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise desktop 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise sap 15 SP2	1.64-1.63 fixed
suse enterprise sap 15 SP3	1.64-1.63 fixed
suse enterprise sap 15 SP4	1.64-3.3.1 fixed
suse enterprise sap 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise sap 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise sap 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise server 15 SP2	1.64-1.63 fixed
suse enterprise server 15 SP3	1.64-1.63 fixed
suse enterprise server 15 SP4	1.64-3.3.1 fixed
suse enterprise server 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise server 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise server 15 SP7	1.79-150200.3.32.2 fixed

bouncycastle-pg

suse enterprise desktop 15 SP2	1.64-1.63 fixed
suse enterprise desktop 15 SP3	1.64-1.63 fixed
suse enterprise desktop 15 SP4	1.64-3.3.1 fixed
suse enterprise desktop 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise desktop 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise desktop 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise sap 15 SP2	1.64-1.63 fixed
suse enterprise sap 15 SP3	1.64-1.63 fixed
suse enterprise sap 15 SP4	1.64-3.3.1 fixed
suse enterprise sap 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise sap 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise sap 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise server 15 SP2	1.64-1.63 fixed
suse enterprise server 15 SP3	1.64-1.63 fixed
suse enterprise server 15 SP4	1.64-3.3.1 fixed
suse enterprise server 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise server 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise server 15 SP7	1.79-150200.3.32.2 fixed

bouncycastle-pkix

suse enterprise desktop 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise desktop 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise desktop 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise sap 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise sap 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise sap 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise server 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise server 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise server 15 SP7	1.79-150200.3.32.2 fixed

bouncycastle-util

suse enterprise desktop 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise desktop 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise desktop 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise sap 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise sap 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise sap 15 SP7	1.79-150200.3.32.2 fixed
suse enterprise server 15 SP5	1.72-150200.3.12.1 fixed
suse enterprise server 15 SP6	1.77-150200.3.24.1 fixed
suse enterprise server 15 SP7	1.79-150200.3.32.2 fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html

http://rhn.redhat.com/errata/RHSA-2016-2035.html

http://rhn.redhat.com/errata/RHSA-2016-2036.html

http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

http://www.debian.org/security/2015/dsa-3417

http://www.openwall.com/lists/oss-security/2015/10/22/7

http://www.openwall.com/lists/oss-security/2015/10/22/9

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/79091

http://www.securitytracker.com/id/1037036

http://www.securitytracker.com/id/1037046

http://www.securitytracker.com/id/1037053

https://usn.ubuntu.com/3727-1/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html

http://rhn.redhat.com/errata/RHSA-2016-2035.html

http://rhn.redhat.com/errata/RHSA-2016-2036.html

http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

http://www.debian.org/security/2015/dsa-3417

http://www.openwall.com/lists/oss-security/2015/10/22/7

http://www.openwall.com/lists/oss-security/2015/10/22/9

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/79091

http://www.securitytracker.com/id/1037036

http://www.securitytracker.com/id/1037046

http://www.securitytracker.com/id/1037053

https://usn.ubuntu.com/3727-1/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html