CVE-2014-8891

5 documents | 5 sources

Severity: 10.0 CRITICAL
EPSS: 6.6% (top 8.82%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 6
Latest update: May 14

Description

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD | ibm/java_sdk | 6.0.0.0, 6.0.16.3, +4

🔴 Vulnerability Details (2)

GHSA
GHSA-cgw9-qmr5-66r3: Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5 | 2022-05-14
CVEList
CVE-2014-8891: Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5 | 2015-03-06

📋 Vendor Advisories (1)

Red Hat
JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update | 2015-02-04

💬 Community (1)

Bugzilla
CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update | 2015-02-04