CVE-2015-1931

CWE-312 — Cleartext Storage of Sensitive Info5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 83.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Java SDK Redhat Enterprise Linux Desktop Redhat Enterprise Linux EUS +5 more

Timeline

PublishedSep 29

Latest updateSep 30

Description

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶NVDibm/java_sdk5.0.0.0 — 5.0.16.13+5

▶NVDredhat/satellite5.6, 5.7+1

▶NVDsuse/linux_enterprise_server11

▶NVDredhat/enterprise_linux_server5.0, 6.0, 7.0+2

▶NVDredhat/enterprise_linux_desktop5.0, 6.0, 7.0+2

Also affects: Enterprise Linux 6.7, 7.1, 7.2, 7.3, 7.4, 7.5

🔴Vulnerability Details

GHSA

GHSA-43cg-c28c-82hq: IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 be↗2022-09-30

▶

CVEList

CVE-2015-1931: IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 be↗2020-01-23

▶

📋Vendor Advisories

Red Hat

JDK: plain text data stored in memory dumps↗2015-07-20

▶

💬Community

Bugzilla

CVE-2015-1931 IBM JDK: plain text data stored in memory dumps↗2015-07-20

▶