CVE-2016-0264

high-risk

Published 2016-05-24

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

Do I need to act?

12.8% chance of exploitation in next 30 days

EPSS score — higher than 87% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Linux Enterprise Software Development Kit

Satellite

Enterprise Linux Desktop

Enterprise Linux Hpc Node Supplementary

Enterprise Linux Server

Enterprise Linux Server Eus

Enterprise Linux Workstation

Linux Enterprise Software Development Kit

Suse Linux Enterprise Server

Manager

Manager Proxy

Linux Enterprise Server

Java Sdk

Enterprise Linux Desktop

Affected Vendors

Redhat Suse Ibm

References (36)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0701.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0702.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0708.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0716.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-1039.html

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21980826

Third Party Advisory http://www.securitytracker.com/id/1035953

Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1430

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1216

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

and 16 more references

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 12/34 · Low

Exposure 23/34 · High