CVE-2015-4732 — Unsynchronized Access to Shared Data in a Multithreaded Context in Oracle JDK
Severity
10.0CRITICALNVD
NVD9.8CNA9.8OSV9.8
EPSS
9.1%
top 7.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 16
Latest updateMay 13
Description
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages10 packages
Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, Enterprise Linux 6.6, 6.7, 7.1, 7.2, 7.3, 7.4, 7.5, 6.0, 6.0_ppc64, 7.0_ppc64, 6.7_ppc64, 7.1_ppc64, 7.2_ppc64, 7.3_ppc64, 7.4_ppc64, 7.5_ppc64, 7.0, 7.6, 7.7
Patches
🔴Vulnerability Details
7GHSA▶
GHSA-mhp7-xhx6-9x45: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality↗2022-05-13
GHSA▶
GHSA-h7cx-3rw4-cg8f: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality↗2022-05-13
OSV▶
CVE-2015-2590: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality↗2015-07-16
OSV▶
CVE-2015-4732: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality↗2015-07-16
📋Vendor Advisories
7Red Hat
▶
Red Hat▶
OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)↗2015-07-14
💬Community
1Bugzilla▶
CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)↗2015-07-12