CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-03-24

Exploited in the wild

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Affected

66 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	openjdk-8	< openjdk-8 8u66-b01-1 (sid)	openjdk-8 8u66-b01-1 (sid)
opensuse	opensuse	—	—
opensuse	opensuse	—	—
oracle	jdk	—	—
oracle	jdk	—	—
oracle	jdk	—	—
oracle	jre	—	—
oracle	jre	—	—
oracle	jre	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—

CVSS provenance

nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL

vulncheck9.8CRITICAL

cisa9.8CRITICAL