Vulnerability Details CVE-2015-5041
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
- http://www-01.ibm.com/support/docview.wss?uid=swg21974194
- http://www.securityfocus.com/bid/82451
- https://access.redhat.com/errata/RHSA-2016:1430
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
- http://www-01.ibm.com/support/docview.wss?uid=swg21974194
- http://www.securityfocus.com/bid/82451
- https://access.redhat.com/errata/RHSA-2016:1430
Products affected by CVE-2015-5041
-
cpe:2.3:a:ibm:java_sdk:6.0.0.0
-
cpe:2.3:a:ibm:java_sdk:6.0.1.0
-
cpe:2.3:a:ibm:java_sdk:6.0.1.8.15
-
cpe:2.3:a:ibm:java_sdk:6.0.10.0
-
cpe:2.3:a:ibm:java_sdk:6.0.10.1
-
cpe:2.3:a:ibm:java_sdk:6.0.11.0
-
cpe:2.3:a:ibm:java_sdk:6.0.12.0
-
cpe:2.3:a:ibm:java_sdk:6.0.13.0
-
cpe:2.3:a:ibm:java_sdk:6.0.13.1
-
cpe:2.3:a:ibm:java_sdk:6.0.13.2
-
cpe:2.3:a:ibm:java_sdk:6.0.14.0
-
cpe:2.3:a:ibm:java_sdk:6.0.15.0
-
cpe:2.3:a:ibm:java_sdk:6.0.15.1
-
cpe:2.3:a:ibm:java_sdk:6.0.15.21
-
cpe:2.3:a:ibm:java_sdk:6.0.16.0
-
cpe:2.3:a:ibm:java_sdk:6.0.16.15
-
cpe:2.3:a:ibm:java_sdk:6.0.16.3
-
cpe:2.3:a:ibm:java_sdk:6.0.16.7
-
cpe:2.3:a:ibm:java_sdk:6.0.2.0
-
cpe:2.3:a:ibm:java_sdk:6.0.3.0
-
cpe:2.3:a:ibm:java_sdk:6.0.4.0
-
cpe:2.3:a:ibm:java_sdk:6.0.5.0
-
cpe:2.3:a:ibm:java_sdk:6.0.6.0
-
cpe:2.3:a:ibm:java_sdk:6.0.7.0
-
cpe:2.3:a:ibm:java_sdk:6.0.8.0
-
cpe:2.3:a:ibm:java_sdk:6.0.8.1
-
cpe:2.3:a:ibm:java_sdk:6.0.9.0
-
cpe:2.3:a:ibm:java_sdk:6.0.9.1
-
cpe:2.3:a:ibm:java_sdk:6.0.9.2
-
cpe:2.3:a:ibm:java_sdk:6.1.0.0
-
cpe:2.3:a:ibm:java_sdk:6.1.8.15
-
cpe:2.3:a:ibm:java_sdk:6.1.8.2
-
cpe:2.3:a:ibm:java_sdk:6.1.8.7
-
cpe:2.3:a:ibm:java_sdk:7.0.0.0
-
cpe:2.3:a:ibm:java_sdk:7.0.1.0
-
cpe:2.3:a:ibm:java_sdk:7.0.2.0
-
cpe:2.3:a:ibm:java_sdk:7.0.3.0
-
cpe:2.3:a:ibm:java_sdk:7.0.4.0
-
cpe:2.3:a:ibm:java_sdk:7.0.4.1
-
cpe:2.3:a:ibm:java_sdk:7.0.4.2
-
cpe:2.3:a:ibm:java_sdk:7.0.5.0
-
cpe:2.3:a:ibm:java_sdk:7.0.6.0
-
cpe:2.3:a:ibm:java_sdk:7.0.6.1
-
cpe:2.3:a:ibm:java_sdk:7.0.7.0
-
cpe:2.3:a:ibm:java_sdk:7.0.8.10
-
cpe:2.3:a:ibm:java_sdk:7.0.9.10
-
cpe:2.3:a:ibm:java_sdk:7.0.9.20
-
cpe:2.3:a:ibm:java_sdk:7.1.0.0
-
cpe:2.3:a:ibm:java_sdk:7.1.1.0
-
cpe:2.3:a:ibm:java_sdk:7.1.2.10
-
cpe:2.3:a:ibm:java_sdk:7.1.3.10
-
cpe:2.3:a:ibm:java_sdk:7.1.3.20
-
cpe:2.3:a:ibm:websphere_application_server:-
-
cpe:2.3:a:ibm:websphere_application_server:2.0
-
cpe:2.3:a:ibm:websphere_application_server:3.0
-
cpe:2.3:a:ibm:websphere_application_server:3.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.1
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.2
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.3
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.4
-
cpe:2.3:a:ibm:websphere_application_server:3.0.9.20
-
cpe:2.3:a:redhat:satellite:5.6
-
cpe:2.3:a:redhat:satellite:5.7
-
cpe:2.3:o:suse:linux_enterprise_server:11
-
cpe:2.3:o:suse:linux_enterprise_server:12
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12
-
cpe:2.3:o:suse:suse_linux_enterprise_server:12