CVE-2015-5041

CWE-200 — Information Exposure5 documents5 sources

Severity

9.1CRITICAL

EPSS

0.9%

top 24.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Java SDK IBM Websphere Application Server Redhat Satellite +3 more

Timeline

PublishedJun 6

Latest updateMay 14

Description

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages6 packages

▶NVDibm/java_sdk6.0.0.0 — 6.0.16.20+3

▶NVDibm/websphere_application_server3.0.9.20

▶NVDredhat/satellite5.6, 5.7+1

▶NVDsuse/linux_enterprise_server11, 12+1

▶NVDsuse/suse_linux_enterprise_server12

🔴Vulnerability Details

GHSA

GHSA-7v4m-8wwx-8xgc: The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote att↗2022-05-14

▶

CVEList

CVE-2015-5041: The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote att↗2016-06-06

▶

📋Vendor Advisories

Red Hat

JDK: J9 JVM allows code to invoke non-public interface methods↗2016-01-27

▶

💬Community

Bugzilla

CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods↗2016-01-28

▶