Lucene search

[email protected]NVD:CVE-2015-5041

HistoryJun 06, 2016 - 5:59 p.m.

CVE-2015-5041

2016-06-0617:59:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

Affected configurations

Nvd

Node

ibmjava_sdkRange6.0.0.0–6.0.16.20technology

ibmjava_sdkRange6.1.0.0–6.1.8.20technology

ibmjava_sdkRange7.0.0.0–7.0.9.30technology

ibmjava_sdkRange7.1.0.0–7.1.3.30technology

Node

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12

suselinux_enterprise_software_development_kitMatch12sp1

susesuse_linux_enterprise_serverMatch12

Node

ibmwebsphere_application_serverRange≤3.0.9.20

Node

redhatsatelliteMatch5.6

redhatsatelliteMatch5.7

VendorProductVersionCPE
ibmjava_sdk*cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
suselinux_enterprise_server12cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
suselinux_enterprise_software_development_kit11cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
suselinux_enterprise_software_development_kit12cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
suselinux_enterprise_software_development_kit12cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
susesuse_linux_enterprise_server12cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
ibmwebsphere_application_server*cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
redhatsatellite5.6cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	java_sdk	*	cpe:2.3:a:ibm:java_sdk:::::technology:::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
suse	linux_enterprise_server	12	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
suse	linux_enterprise_software_development_kit	11	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
suse	linux_enterprise_software_development_kit	12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
suse	linux_enterprise_software_development_kit	12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::
suse	suse_linux_enterprise_server	12	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*
ibm	websphere_application_server	*	cpe:2.3:a:ibm:websphere_application_server::::::::
redhat	satellite	5.6	cpe:2.3:a:redhat:satellite:5.6:::::::*