CVE-2015-5041

high-risk
Published 2016-06-06

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

Do I need to act?

-
0.89% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (11)

Java Sdk

Affected Vendors

Redhat Suse Ibm

References (16)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21974194
Third Party Advisory http://www.securityfocus.com/bid/82451
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1430
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21974194
Third Party Advisory http://www.securityfocus.com/bid/82451
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1430
50
/ 100
high-risk
Severity 31/34 · Critical
Exploitability 3/34 · Minimal
Exposure 16/34 · Moderate