IBM Java vulnerabilities
28 known vulnerabilities affecting ibm/java.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 4, MEDIUM 8, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2023-30441 | HIGH | CVSS 7.5 | CWE-327 | ≥ 8.0.7.0, < 8.0.7.15; ≥ 8.0.7.0, ≤ 8.0.7.11 | 2023-04-29
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
cvelistv5, nvd
CVE-2019-4732 | MEDIUM | CVSS 6.5 | CWE-426 | v7.0.0.0, v7.1.0.0, +4 more | 2020-02-03
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an att
cvelistv5, nvd
CVE-2019-4473 | HIGH | CVSS 7.8 | CWE-427 | v7.0.0.0, v7.1.4.50, +4 more | 2019-08-05
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
cvelistv5, nvd
CVE-2015-0192 | HIGH | CVSS 7.5 | ≥ 5.0.0.0, < 5.0.16.10; ≥ 6.0.0.0, ≤ 6.0.16.4; +4 more | 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
nvd
CVE-2015-1914 | MEDIUM | CVSS 5.0 | CWE-200 | ≥ 5.0.0.0, < 5.0.16.10; ≥ 6.0.0.0, < 6.0.16.4; +3 more | 2015-07-02
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
nvd
CVE-2015-1916 | MEDIUM | CVSS 5.0 | v8.0 | 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.
nvd
CVE-2014-3068 | MEDIUM | CVSS 6.4 | CWE-255 | v5.0.0.0, v5.0.11.0, +44 more | 2014-12-02
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
nvd
CVE-2014-3065 | MEDIUM | CVSS 6.9 | CWE-94 | v5.0.0.0, v5.0.11.0, +44 more | 2014-12-02
Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.
nvd
CVE-2013-0485 | CRITICAL | CVSS 10.0 | v1.4.2, v5.0.0.0, +2 more | 2014-01-21
Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries.
nvd
CVE-2013-5458 | CRITICAL | CVSS 9.3 | v7.0.0.0 | 2013-11-24
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2013-5457 | CRITICAL | CVSS 9.3 | v6.0.0.0, v6.0.1.0, +1 more | 2013-11-24
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2013-5456 | CRITICAL | CVSS 9.3 | v7.0.0.0 | 2013-11-24
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
nvd
CVE-2013-4041 | MEDIUM | CVSS 6.8 | v5.0.0.0, v6.0.0.0, +2 more | 2013-11-24
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors.
nvd
CVE-2013-5375 | MEDIUM | CVSS 6.8 | v5.0.0.0, v6.0.0.0, +2 more | 2013-11-24
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.
nvd
CVE-2013-3011 | CRITICAL | CVSS 9.3 | v5.0.0.0, v5.0.11.0, +60 more | 2013-07-23
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012.
nvd
CVE-2013-3008 | CRITICAL | CVSS 9.3 | v7.0.0.0, v7.0.1.0, +5 more | 2013-07-23
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.
nvd
CVE-2013-3010 | CRITICAL | CVSS 9.3 | v6.0.1.0, v7.0.0.0, +6 more | 2013-07-23
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3007.
nvd
CVE-2013-3006 | CRITICAL | CVSS 9.3 | v7.0.0.0, v7.0.1.0, +5 more | 2013-07-23
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3008.
nvd
CVE-2013-3012 | CRITICAL | CVSS 9.3 | v5.0.0.0, v5.0.11.0, +60 more | 2013-07-23
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011.
nvd
CVE-2013-3007 | CRITICAL | CVSS 9.3 | v6.0.1.0, v7.0.0.0, +6 more | 2013-07-23
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.
nvd