CVE-2015-1914

Severity: 5.0 MEDIUM
EPSS: 0.2% (top 55.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 2
Latest update: May 14

Description

IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | ibm/java | 5.0.0.0 | 5.0.16.10 | +4

🔴 Vulnerability Details (2)

GHSA
GHSA-f6r5-5pp4-r7jw: IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5 | 2022-05-14
CVEList
CVE-2015-1914: IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5 | 2015-07-02

📋 Vendor Advisories (1)

Red Hat
JDK: unspecified partial Java sandbox restrictions bypass | 2015-05-06

💬 Community (1)

Bugzilla
CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass | 2015-05-06