CVE-2015-2590

critical-risk

Published 2015-07-16

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Do I need to act?

63.0% chance of exploitation in next 30 days

EPSS score — higher than 37% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Jdk

Jre

Ubuntu Linux

Debian Linux

Linux Enterprise Debuginfo

Opensuse

Linux Enterprise Server

Satellite

Enterprise Linux Desktop

Enterprise Linux Eus

Affected Vendors

Oracle Debian Canonical Opensuse Redhat Suse

References (51)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1228.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1229.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1230.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1241.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1242.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1243.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1485.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1486.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1488.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1526.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1544.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-1604.html

Mailing List http://www.debian.org/security/2015/dsa-3316

Mailing List http://www.debian.org/security/2015/dsa-3339

Patch http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Broken Link http://www.securityfocus.com/bid/75818

and 31 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 26/34 · High

Exposure 28/34 · Critical