Lucene search

[email protected]CVE-2015-5041

HistoryJun 06, 2016 - 5:59 p.m.

CVE-2015-5041

2016-06-0617:59:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

sdk

j9 jvm

cve-2015-5041

vulnerability

nvd

java technology

security

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.7%

JSON

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

Affected configurations

NVD

Node

ibmjava_sdkRange6.0.0.0–6.0.16.20technology

ibmjava_sdkRange6.1.0.0–6.1.8.20technology

ibmjava_sdkRange7.0.0.0–7.0.9.30technology

ibmjava_sdkRange7.1.0.0–7.1.3.30technology

Node

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12

suselinux_enterprise_software_development_kitMatch12sp1

susesuse_linux_enterprise_serverMatch12

Node

ibmwebsphere_application_serverRange≤3.0.9.20

Node

redhatsatelliteMatch5.6

redhatsatelliteMatch5.7

CPENameOperatorVersion
ibm:java_sdkibm java sdklt6.0.16.20
ibm:java_sdkibm java sdklt6.1.8.20
ibm:java_sdkibm java sdklt7.0.9.30
ibm:java_sdkibm java sdklt7.1.3.30