Vulnerabilites related to ibm - java_sdk
Vulnerability from fkie_nvd
Published
2018-02-22 19:29
Modified
2024-11-21 03:59
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "7F64AE3A-3A3F-4F54-AEDD-0425A3F459D4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.1.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "0FFF3633-2C77-43E0-8BED-96163978037B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "769131D3-A1FD-4404-9467-90D0F81F03D2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "52300B0C-9B55-47DD-8240-099845A8A402", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "989232AD-8B86-4200-A816-9AAA72419950", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.", }, { lang: "es", value: "Bajo determinadas circunstancias, un fallo en J9 JVM (IBM SDK, Java Technology Edition 7.1 y 8.0) permite que se ejecute código no fiable bajo un gestor de seguridad para elevar sus privilegios. IBM X-Force ID: 138823.", }, ], id: "CVE-2018-1417", lastModified: "2024-11-21T03:59:46.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-22T19:29:03.810", references: [ { source: "psirt@us.ibm.com", url: "http://www.ibm.com/support/docview.wss?uid=isg3T1027315", }, { source: "psirt@us.ibm.com", url: "http://www.ibm.com/support/docview.wss?uid=swg22014937", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103216", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040403", }, { source: "psirt@us.ibm.com", url: "https://access.redhat.com/errata/RHSA-2018:1463", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138823", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22012965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=isg3T1027315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg22014937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:1463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22012965", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-12-07 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_2_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "03221A34-2A59-4490-B584-9DDE14B038EB", versionEndIncluding: "5.0.16.13", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "E62DD30F-D19E-461B-BF22-B64DCF8A15B6", versionEndExcluding: "6.0.16.15", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "EDC1C82B-6F8E-448F-84AD-6AF2B25305B8", versionEndExcluding: "6.1.8.15", versionStartIncluding: "6.1.0.0.", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "5DA8172E-DF92-4728-B599-265226AE72C9", versionEndExcluding: "7.0.9.20", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "F4679087-2B26-4A3C-A270-0DD543289DCB", versionEndExcluding: "7.1.3.20", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "8A25735C-2F06-41D1-A0C4-2DAB1F82010A", versionEndExcluding: "8.0.2.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", matchCriteriaId: "D4840254-CC76-4113-BC61-360BD15582B9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", matchCriteriaId: "85EA16E0-9261-45C4-840F-5366E9EAC5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", matchCriteriaId: "6C81647C-9A53-481D-A54C-36770A093F90", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", matchCriteriaId: "8B072472-B463-4647-885D-E40B0115C810", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*", matchCriteriaId: "F922115C-1907-4F65-9F23-3E63A8BCD4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", matchCriteriaId: "D41A798E-0D69-43C7-9A63-1E5921138EAC", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", matchCriteriaId: "DB2A1559-651C-46B0-B436-8E03DC8A60D2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.", }, { lang: "es", value: "IBM Java Security Components en IBM SDK, Java Technology Edition 8 en versiones anteriores a SR2, 7 R1 en versiones anteriores a SR3 FP20, 7 en versiones anteriores a SR9 FP20, 6 R1 en versiones anteriores a SR8 FP15 y 6 en versiones anteriores a SR16 FP15 permite a atacantes físicamente próximos obtener información sensible mediante la lectura del Kerberos Credential Cache.", }, ], id: "CVE-2015-5006", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-12-07T20:59:06.807", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2506.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2507.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2508.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2509.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77645", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034214", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2506.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2507.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2508.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2509.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-06 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "CBDFEC5A-BDA0-4F29-AB77-C2F2C642ACEE", versionEndIncluding: "5.0.16.8", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "55912299-38CB-448D-B7FB-8FBF303CC4B1", versionEndExcluding: "6.0.16.3", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "1EF2693C-B165-4733-BD05-8F68BE11310D", versionEndIncluding: "6.1.8.2", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "EB0D97C8-511C-460A-ABC1-E098668975B7", versionEndExcluding: "7.0.8.10", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "4821D89B-B23B-4A49-BCC8-BE3A82DDC43B", versionEndExcluding: "7.1.2.10", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.", }, { lang: "es", value: "Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterior a SR8-FP10, y 7R1 anterior a SR2-FP10 permite a atacantes remotos escapar del sandbox de Java y ejecutar código arbitrario a través de vectores no especificados relacionados con el gestor de seguridad.", }, ], id: "CVE-2014-8891", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-03-06T23:59:00.077", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189142", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-05-26 19:55
Modified
2025-04-12 10:46
Severity ?
Summary
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "7F64AE3A-3A3F-4F54-AEDD-0425A3F459D4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*", matchCriteriaId: "A91376D6-0271-447B-83C6-C1CF94059718", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*", matchCriteriaId: "E8DB8CF1-DFC6-4532-BCF0-86AE616AE145", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*", matchCriteriaId: "68BA60FA-89F1-4CE7-8685-95C3E2FCFFC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*", matchCriteriaId: "F3A2FA81-5236-4D4F-A189-B7CCD3C1A89B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*", matchCriteriaId: "4CAB76E6-07A6-42B5-9D4D-5E5BA4B39384", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*", matchCriteriaId: "F7E16292-F6AC-4DA9-BEEC-9CF6D4C8D8F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*", matchCriteriaId: "84A9D30E-ADDF-43E3-BFC2-FB6F0704B359", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*", matchCriteriaId: "EC06A0C3-1627-443B-98E3-5B40A1424E33", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*", matchCriteriaId: "91C9ECDE-E94D-43A7-8FF4-ADDADCF88ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*", matchCriteriaId: "A3B11DD7-B251-4E8F-88A5-8EF3E49455B5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*", matchCriteriaId: "52DEB343-EA20-4745-950C-E19AD553A519", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*", matchCriteriaId: "B2A56764-8CF1-4098-AFCB-9A3E79A37298", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*", matchCriteriaId: "F6C0E04C-BB7C-4D30-944F-AC3A32C9A870", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*", matchCriteriaId: "EF7BD7D8-C909-48EE-8654-9A118184C0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*", matchCriteriaId: "68CB5F58-8526-4814-AAA2-85DB5508450C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*", matchCriteriaId: "CBD2DCC3-972E-45F5-8F06-B7EE48BF417B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*", matchCriteriaId: "3BB7005A-1C29-4A72-8559-F184738C66F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*", matchCriteriaId: "1B3E82B3-244F-4681-A0B0-A55201BD89BD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*", matchCriteriaId: "74A57DD9-B74A-4865-B321-00CB2FF2EDFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*", matchCriteriaId: "0707BA71-C076-4C77-A6A7-5FA66BA14D32", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*", matchCriteriaId: "3B123DE5-0F8F-4C23-8B0D-123C257070A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*", matchCriteriaId: "D615B5B1-9E33-4795-AE3D-579309DBF915", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "55B1372B-A99E-4F5F-85FB-7F7CB712A26D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*", matchCriteriaId: "07DDF4C0-09A9-4CAB-88B3-0CEA3E377D0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*", matchCriteriaId: "FD77E636-7664-4EA7-AB69-BA77FC6BFC64", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*", matchCriteriaId: "3E950BC9-28B4-4078-8FED-4766E6D17C96", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*", matchCriteriaId: "45DA039D-D1A3-4FFA-9F37-52233FC8B8D3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*", matchCriteriaId: "1538B3DC-D8A0-41BC-90BE-2DDC7E8A56B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*", matchCriteriaId: "86D14ED2-BB93-4445-94BF-89E42AA4D0C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*", matchCriteriaId: "3C154101-DF9A-47F8-813A-97FB4FD161FB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*", matchCriteriaId: "DF029E26-0FBD-40EB-AF68-F48C3FE31B03", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*", matchCriteriaId: "93652A4D-C73D-43AA-ADC9-00E3FA2DA5AA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*", matchCriteriaId: "40B5060F-5DED-49EF-913C-4C97737B8A20", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*", matchCriteriaId: "99886E38-7DD1-4954-824D-C3B2B56557C0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*", matchCriteriaId: "EBB58E8A-9FB4-4C26-A85A-5BC914EF7215", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*", matchCriteriaId: "432A7930-462E-42C2-9E13-174374630C09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*", matchCriteriaId: "29827AD1-8C9C-4736-A931-79749A5DD25A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*", matchCriteriaId: "010E25AA-20D4-4593-A6AD-25094D53F74B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*", matchCriteriaId: "E8DF754E-E5A3-480F-9725-F8478A71D1C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*", matchCriteriaId: "D131E102-169F-42DA-AEFB-9650AF85A797", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*", matchCriteriaId: "5F4CAE85-C253-4F95-81AE-A02BE48DCAA4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "769131D3-A1FD-4404-9467-90D0F81F03D2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*", matchCriteriaId: "AF8499A1-DCD7-49DF-BB75-92CD80167994", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*", matchCriteriaId: "2E6EEC1B-EB35-46AE-B6DD-1239037C008F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*", matchCriteriaId: "29F18878-B335-4AE6-A28F-3DC47E101BCB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*", matchCriteriaId: "96899A64-B537-4E41-BD83-1C4B0B06E58C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*", matchCriteriaId: "AD53244F-CF3A-4470-9A6D-A9F6AACC4363", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*", matchCriteriaId: "E468E9EA-4742-41CC-855C-5DF868A06E23", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*", matchCriteriaId: "7DA12A25-D63C-4CBB-96F0-23E0A704E0B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.6.0:*:*:*:technology:*:*:*", matchCriteriaId: "C1ABEDB5-3068-448B-97CF-6532FE8DFDFA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.0.6.1:*:*:*:technology:*:*:*", matchCriteriaId: "8E57A38C-BD43-4FD4-B5D8-E6069D5F1A24", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*", matchCriteriaId: "52300B0C-9B55-47DD-8240-099845A8A402", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.", }, { lang: "es", value: "El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRandom en IBM SDK Java Technology Edition 5.0 anterior a Service Refresh 16 FP6, 6 anterior a Service Refresh 16, 6.0.1 anterior a Service Refresh 8, 7 anterior a Service Refresh 7 y 7R1 anterior a Service Refresh 1 facilita a atacantes dependientes de contexto anular mecanismos de protección criptográficos mediante la predicción de la salida del generador de números aleatorias.", }, ], id: "CVE-2014-0878", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-05-26T19:55:04.263", references: [ { source: "psirt@us.ibm.com", url: "http://secunia.com/advisories/59022", }, { source: "psirt@us.ibm.com", url: "http://secunia.com/advisories/59023", }, { source: "psirt@us.ibm.com", url: "http://secunia.com/advisories/59058", }, { source: "psirt@us.ibm.com", url: "http://secunia.com/advisories/61264", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672043", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673836", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674539", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676672", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676703", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679610", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680750", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681256", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21683484", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686717", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689593", }, { source: "psirt@us.ibm.com", url: "http://www.ibm.com/support/docview.wss?uid=swg21675343", }, { source: "psirt@us.ibm.com", url: "http://www.ibm.com/support/docview.wss?uid=swg21675588", }, { source: "psirt@us.ibm.com", url: "http://www.ibm.com/support/docview.wss?uid=swg21677387", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/67601", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59058", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/61264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680750", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21683484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg21675343", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg21675588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ibm.com/support/docview.wss?uid=swg21677387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/67601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91084", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-06 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | java_sdk | * | |
| ibm | java_sdk | * | |
| ibm | java_sdk | * | |
| ibm | java_sdk | * | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 12 | |
| suse | linux_enterprise_software_development_kit | 11 | |
| suse | linux_enterprise_software_development_kit | 12 | |
| suse | linux_enterprise_software_development_kit | 12 | |
| suse | suse_linux_enterprise_server | 12 | |
| ibm | websphere_application_server | * | |
| redhat | satellite | 5.6 | |
| redhat | satellite | 5.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "9FB0DAB8-616B-499E-8BAE-9B57C848A21D", versionEndExcluding: "6.0.16.20", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "5FA43541-321F-4620-BE4D-B3BED9A473FA", versionEndExcluding: "6.1.8.20", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "E89BE4AC-83E6-4E5E-9760-CF14C05852C6", versionEndExcluding: "7.0.9.30", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "908613AF-6B2B-405C-93B7-45161F82A9B6", versionEndExcluding: "7.1.3.30", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", matchCriteriaId: "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", matchCriteriaId: "D41A798E-0D69-43C7-9A63-1E5921138EAC", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", matchCriteriaId: "DB2A1559-651C-46B0-B436-8E03DC8A60D2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", matchCriteriaId: "5A633996-2FD7-467C-BAA6-529E16BD06D1", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", matchCriteriaId: "9C649194-B8C2-49F7-A819-C635EE584ABF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", matchCriteriaId: "C95C690A-1763-4947-866E-0F3B18486643", versionEndIncluding: "3.0.9.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", matchCriteriaId: "D4840254-CC76-4113-BC61-360BD15582B9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", matchCriteriaId: "85EA16E0-9261-45C4-840F-5366E9EAC5E1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.", }, { lang: "es", value: "El JVM J9 en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP20, 6 R1 en versiones anteriores a SR8 FP20, 7 en versiones anteriores a SR9 FP30 y 7 R1 en versiones anteriores a SR3 FP30 permite a atacantes remotos obtener información sensible o inyectar datos invocando a métodos de interfaz no públicos.", }, ], id: "CVE-2015-5041", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-06T17:59:00.220", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21974194", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/82451", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21974194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/82451", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 02:26
Severity ?
Summary
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "69BEADC6-4288-4A8A-B384-8CD56F682D4F", versionEndExcluding: "5.0.16.13", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "1AAA972B-5EA5-4A0E-AD6F-E3A1D07E9B23", versionEndExcluding: "6.0.16.7", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "BB6E79D8-BCA0-4350-B544-1CB2FEF8AE11", versionEndExcluding: "6.1.8.7", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "610D1BA4-4F00-4AEB-B239-03A96F2B3DF0", versionEndExcluding: "7.0.9.10", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "DC07C379-93D1-4061-A8DB-9BB623D0B6AF", versionEndExcluding: "7.1.3.10", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "98AB5EC9-F74A-4AC4-85B8-9D6D9EEB8D75", versionEndExcluding: "8.0.1.10", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", matchCriteriaId: "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", matchCriteriaId: "D41A798E-0D69-43C7-9A63-1E5921138EAC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", matchCriteriaId: "D4840254-CC76-4113-BC61-360BD15582B9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", matchCriteriaId: "85EA16E0-9261-45C4-840F-5366E9EAC5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", matchCriteriaId: "967EC28A-607F-48F4-AD64-5E3041C768F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*", matchCriteriaId: "A67A7B7A-998D-4B8C-8831-6E58406565FE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.", }, { lang: "es", value: "IBM Java Security Components en IBM SDK, Java Technology Edition 8 versiones anteriores a SR1 FP10, 7 R1 anteriores a SR3 FP10, 7 anteriores a SR9 FP10, 6 R1 anteriores a SR8 FP7, 6 anteriores a SR16 FP7, y 5.0 anteriores a SR16 FP13, almacena información de texto plano en volcados de memoria, lo que permite a usuarios locales obtener información confidencial al leer un archivo", }, ], id: "CVE-2015-1931", lastModified: "2024-11-21T02:26:25.687", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-29T03:15:11.400", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/75985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/75985", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-03 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", matchCriteriaId: "D4840254-CC76-4113-BC61-360BD15582B9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", matchCriteriaId: "85EA16E0-9261-45C4-840F-5366E9EAC5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:*:*:*:*:*:*:*", matchCriteriaId: "585614D3-1DAA-4256-83DE-AFE901154808", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:7.0:*:*:*:*:*:*:*", matchCriteriaId: "8440BA16-EAC4-4F27-99A4-795295DA6646", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", matchCriteriaId: "6C81647C-9A53-481D-A54C-36770A093F90", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_legacy_software:12:*:*:*:*:*:*:*", matchCriteriaId: "B7449208-3D08-427B-9783-CF48D6B63A6B", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:ltss:*:*:*", matchCriteriaId: "772B084E-2EAE-4AC9-94C1-B826857B0861", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*", matchCriteriaId: "3F8CE3BD-993B-407F-BAEC-A070F6B46E6E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*", matchCriteriaId: "514646C5-C5D4-487E-8950-B3A2B1DE8EEC", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_manager_proxy:2.1:*:*:*:*:*:*:*", matchCriteriaId: "C15BA04F-6CBC-45AB-A44F-D8E8B3F8EC06", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*", matchCriteriaId: "74268F7D-058C-4E84-9D7E-3853A95918BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "A27846D2-F8BC-4A9B-9B59-E6E71BB869BC", versionEndExcluding: "6.0.16.25", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "9F139472-2499-44AF-A466-0043BB83E254", versionEndExcluding: "6.1.8.25", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "A44B197F-40EF-465F-9995-691EA879F121", versionEndExcluding: "7.0.9.40", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "626BA0D0-5526-4344-822B-0F5837C43C37", versionEndExcluding: "7.1.3.40", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "DDBE9092-9478-4899-88D2-95E4EDACB4FD", versionEndExcluding: "8.0.3.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.", }, { lang: "es", value: "La clase com.ibm.CORBA.iiop.ClientDelegate en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) utiliza el método de invocación de la clase java.lang.reflect.Method en un bloque AccessController doPrivileged, lo que permite a atacantes remotos llamar a setSecurityManager y eludir un mecanismo de protección sandbox a través de vectores relacionados con una instancia a un objeto Proxy implementando la interfaz java.lang.reflect.InvocationHandler. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-3009.", }, ], id: "CVE-2016-0363", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-03T14:59:01.530", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2016/Apr/20", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2016/Apr/3", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/85895", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035953", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2016/Apr/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2016/Apr/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/85895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-03 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_legacy_software:12:*:*:*:*:*:*:*", matchCriteriaId: "B7449208-3D08-427B-9783-CF48D6B63A6B", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:ltss:*:*:*", matchCriteriaId: "772B084E-2EAE-4AC9-94C1-B826857B0861", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*", matchCriteriaId: "3F8CE3BD-993B-407F-BAEC-A070F6B46E6E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*", matchCriteriaId: "514646C5-C5D4-487E-8950-B3A2B1DE8EEC", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_manager_proxy:2.1:*:*:*:*:*:*:*", matchCriteriaId: "C15BA04F-6CBC-45AB-A44F-D8E8B3F8EC06", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*", matchCriteriaId: "74268F7D-058C-4E84-9D7E-3853A95918BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "A27846D2-F8BC-4A9B-9B59-E6E71BB869BC", versionEndExcluding: "6.0.16.25", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "9F139472-2499-44AF-A466-0043BB83E254", versionEndExcluding: "6.1.8.25", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "A44B197F-40EF-465F-9995-691EA879F121", versionEndExcluding: "7.0.9.40", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "626BA0D0-5526-4344-822B-0F5837C43C37", versionEndExcluding: "7.1.3.40", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "DDBE9092-9478-4899-88D2-95E4EDACB4FD", versionEndExcluding: "8.0.3.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", matchCriteriaId: "D4840254-CC76-4113-BC61-360BD15582B9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", matchCriteriaId: "85EA16E0-9261-45C4-840F-5366E9EAC5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:*:*:*:*:*:*:*", matchCriteriaId: "585614D3-1DAA-4256-83DE-AFE901154808", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:7.0:*:*:*:*:*:*:*", matchCriteriaId: "8440BA16-EAC4-4F27-99A4-795295DA6646", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", matchCriteriaId: "6C81647C-9A53-481D-A54C-36770A093F90", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.", }, { lang: "es", value: "La clase com.ibm.rmi.io.SunSerializableFactory en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) no deserializa correctamente las clases en un bloque AccessController doPrivileged, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox y ejecutar código arbitrario como se demuestra mediante el método readValue de la clase com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton, lo que implementa la interfaz javax.rmi.CORBA.ValueHandler. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-5456.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/502.html\" rel=\"nofollow\">CWE-502: Deserialization of Untrusted Data</a>", id: "CVE-2016-0376", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-03T14:59:02.890", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2016/Apr/43", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/538066/100/100/threaded", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/89192", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035953", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/fulldisclosure/2016/Apr/43", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/538066/100/100/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/89192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-06 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "CBDFEC5A-BDA0-4F29-AB77-C2F2C642ACEE", versionEndIncluding: "5.0.16.8", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "55912299-38CB-448D-B7FB-8FBF303CC4B1", versionEndExcluding: "6.0.16.3", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "1EF2693C-B165-4733-BD05-8F68BE11310D", versionEndIncluding: "6.1.8.2", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "EB0D97C8-511C-460A-ABC1-E098668975B7", versionEndExcluding: "7.0.8.10", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "4821D89B-B23B-4A49-BCC8-BE3A82DDC43B", versionEndExcluding: "7.1.2.10", versionStartIncluding: "7.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.", }, { lang: "es", value: "Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterior a SR8-FP10, y 7R1 anterior a SR2-FP10 permite a atacantes remotos evadir los permisos de acceso y obtener información sensible a través de vectores no especificados relacionados con el gestor de seguridad.", }, ], id: "CVE-2014-8892", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-03-06T23:59:01.217", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/73259", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189145", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/73259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", matchCriteriaId: "D41A798E-0D69-43C7-9A63-1E5921138EAC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "A27846D2-F8BC-4A9B-9B59-E6E71BB869BC", versionEndExcluding: "6.0.16.25", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "9F139472-2499-44AF-A466-0043BB83E254", versionEndExcluding: "6.1.8.25", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "A44B197F-40EF-465F-9995-691EA879F121", versionEndExcluding: "7.0.9.40", versionStartIncluding: "7.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "626BA0D0-5526-4344-822B-0F5837C43C37", versionEndExcluding: "7.1.3.40", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*", matchCriteriaId: "DDBE9092-9478-4899-88D2-95E4EDACB4FD", versionEndExcluding: "8.0.3.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", matchCriteriaId: "D4840254-CC76-4113-BC61-360BD15582B9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", matchCriteriaId: "85EA16E0-9261-45C4-840F-5366E9EAC5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:*:*:*:*:*:*:*", matchCriteriaId: "585614D3-1DAA-4256-83DE-AFE901154808", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:7.0:*:*:*:*:*:*:*", matchCriteriaId: "8440BA16-EAC4-4F27-99A4-795295DA6646", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", matchCriteriaId: "6C81647C-9A53-481D-A54C-36770A093F90", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", matchCriteriaId: "35BBD83D-BDC7-4678-BE94-639F59281139", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", matchCriteriaId: "B12243B2-D726-404C-ABFF-F1AB51BA1783", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", matchCriteriaId: "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", matchCriteriaId: "D41A798E-0D69-43C7-9A63-1E5921138EAC", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", matchCriteriaId: "DB2A1559-651C-46B0-B436-8E03DC8A60D2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", matchCriteriaId: "5A633996-2FD7-467C-BAA6-529E16BD06D1", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", matchCriteriaId: "9C649194-B8C2-49F7-A819-C635EE584ABF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*", matchCriteriaId: "FD4EEF7C-CC33-4494-8531-7C0CC28A8823", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3CBED083-B935-4C47-BBDA-F39D8EA277ED", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*", matchCriteriaId: "BD6136E8-74DE-48AF-A8AB-B0E93D34870C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.", }, { lang: "es", value: "Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados.", }, ], id: "CVE-2016-0264", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-24T15:59:00.117", references: [ { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { source: "psirt@us.ibm.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035953", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 16:15
Modified
2024-09-11 13:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/284573 | Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7165421 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", matchCriteriaId: "5DDFFC65-9A40-45B6-BEAB-AC2A72A0B0BD", versionEndIncluding: "7.1.5.18", versionStartIncluding: "7.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", matchCriteriaId: "A0954E69-2308-4A9C-B786-6FB188823ED6", versionEndIncluding: "8.0.8.26", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", }, { lang: "es", value: "El Object Request Broker (ORB) en IBM SDK, Java Technology Edition 7.1.0.0 a 7.1.5.18 y 8.0.0.0 a 8.0.8.26 es vulnerable a la denegación remota de servicio, provocada por una condición de ejecución en la gestión de subprocesos de escucha de ORB. ID de IBM X-Force: 284573.", }, ], id: "CVE-2024-27267", lastModified: "2024-09-11T13:48:12.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T16:15:10.950", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/284573", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7165421", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-300", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2015-5006 (GCVE-0-2015-5006)
Vulnerability from cvelistv5
Published
2015-12-07 20:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:32:31.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2015:2182", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", }, { name: "SUSE-SU-2015:2192", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", }, { name: "IV78316", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316", }, { name: "1034214", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034214", }, { name: "RHSA-2015:2507", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2507.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2015:2506", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2506.html", }, { name: "RHSA-2015:2509", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2509.html", }, { name: "SUSE-SU-2015:2166", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", }, { name: "SUSE-SU-2015:2216", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", }, { name: "77645", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77645", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", }, { name: "SUSE-SU-2015:2268", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html", }, { name: "SUSE-SU-2015:2168", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", }, { name: "RHSA-2015:2508", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2508.html", }, { name: "SUSE-SU-2016:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-05T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "SUSE-SU-2015:2182", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", }, { name: "SUSE-SU-2015:2192", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", }, { name: "IV78316", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316", }, { name: "1034214", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034214", }, { name: "RHSA-2015:2507", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2507.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2015:2506", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2506.html", }, { name: "RHSA-2015:2509", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2509.html", }, { name: "SUSE-SU-2015:2166", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", }, { name: "SUSE-SU-2015:2216", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", }, { name: "77645", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77645", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", }, { name: "SUSE-SU-2015:2268", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html", }, { name: "SUSE-SU-2015:2168", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", }, { name: "RHSA-2015:2508", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2508.html", }, { name: "SUSE-SU-2016:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-5006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2015:2182", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", }, { name: "SUSE-SU-2015:2192", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", }, { name: "IV78316", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316", }, { name: "1034214", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034214", }, { name: "RHSA-2015:2507", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-2507.html", }, { name: "RHSA-2016:1430", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2015:2506", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-2506.html", }, { name: "RHSA-2015:2509", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-2509.html", }, { name: "SUSE-SU-2015:2166", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", }, { name: "SUSE-SU-2015:2216", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", }, { name: "77645", refsource: "BID", url: "http://www.securityfocus.com/bid/77645", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21969225", }, { name: "SUSE-SU-2015:2268", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html", }, { name: "SUSE-SU-2015:2168", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", }, { name: "RHSA-2015:2508", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-2508.html", }, { name: "SUSE-SU-2016:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-5006", datePublished: "2015-12-07T20:00:00", dateReserved: "2015-06-24T00:00:00", dateUpdated: "2024-08-06T06:32:31.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0376 (GCVE-0-2016-0376)
Vulnerability from cvelistv5
Published
2016-06-03 14:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:24.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "SUSE-SU-2016:1299", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "89192", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/89192", }, { name: "SUSE-SU-2016:1303", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2016:0708", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "SUSE-SU-2016:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Apr/43", }, { name: "RHSA-2016:0716", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035953", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf", }, { name: "IX90171", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171", }, { name: "SUSE-SU-2016:1388", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { name: "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/538066/100/100/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-04T00:00:00", descriptions: [ { lang: "en", value: "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "SUSE-SU-2016:1299", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "89192", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/89192", }, { name: "SUSE-SU-2016:1303", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2016:0708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "SUSE-SU-2016:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Apr/43", }, { name: "RHSA-2016:0716", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035953", }, { tags: [ "x_refsource_MISC", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf", }, { name: "IX90171", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171", }, { name: "SUSE-SU-2016:1388", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { name: "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/538066/100/100/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0376", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "SUSE-SU-2016:1299", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "89192", refsource: "BID", url: "http://www.securityfocus.com/bid/89192", }, { name: "SUSE-SU-2016:1303", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2016:0708", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "SUSE-SU-2016:1458", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Apr/43", }, { name: "RHSA-2016:0716", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035953", }, { name: "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf", refsource: "MISC", url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf", }, { name: "IX90171", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171", }, { name: "SUSE-SU-2016:1388", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { name: "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/538066/100/100/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0376", datePublished: "2016-06-03T14:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:24.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1417 (GCVE-0-2018-1417)
Vulnerability from cvelistv5
Published
2018-02-22 19:00
Modified
2024-09-16 19:11
Severity ?
EPSS score ?
Summary
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138823 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/103216 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040403 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:1463 | vendor-advisory, x_refsource_REDHAT | |
| http://www.ibm.com/support/docview.wss?uid=isg3T1027315 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=swg22014937 | x_refsource_CONFIRM | |
| https://www.ibm.com/support/docview.wss?uid=swg22012965 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | SDK, Java Technology Edition |
Version: 7.1 Version: 8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138823", }, { name: "103216", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103216", }, { name: "1040403", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040403", }, { name: "RHSA-2018:1463", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1463", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=isg3T1027315", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014937", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22012965", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SDK, Java Technology Edition", vendor: "IBM", versions: [ { status: "affected", version: "7.1", }, { status: "affected", version: "8.0", }, ], }, ], datePublic: "2018-02-20T00:00:00", descriptions: [ { lang: "en", value: "Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-16T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138823", }, { name: "103216", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103216", }, { name: "1040403", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040403", }, { name: "RHSA-2018:1463", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1463", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=isg3T1027315", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014937", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=swg22012965", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-02-20T00:00:00", ID: "CVE-2018-1417", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SDK, Java Technology Edition", version: { version_data: [ { version_value: "7.1", }, { version_value: "8.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138823", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/138823", }, { name: "103216", refsource: "BID", url: "http://www.securityfocus.com/bid/103216", }, { name: "1040403", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040403", }, { name: "RHSA-2018:1463", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1463", }, { name: "http://www.ibm.com/support/docview.wss?uid=isg3T1027315", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=isg3T1027315", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22014937", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22014937", }, { name: "https://www.ibm.com/support/docview.wss?uid=swg22012965", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=swg22012965", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1417", datePublished: "2018-02-22T19:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T19:11:02.846Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-5041 (GCVE-0-2015-5041)
Vulnerability from cvelistv5
Published
2016-06-06 17:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html | vendor-advisory, x_refsource_SUSE | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872 | vendor-advisory, x_refsource_AIXAPAR | |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2016:1430 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html | vendor-advisory, x_refsource_SUSE | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21974194 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/82451 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:32:32.251Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:0401", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html", }, { name: "IV72872", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872", }, { name: "SUSE-SU-2016:0428", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "SUSE-SU-2016:0399", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21974194", }, { name: "82451", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/82451", }, { name: "SUSE-SU-2016:0431", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-20T00:00:00", descriptions: [ { lang: "en", value: "The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T22:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "SUSE-SU-2016:0401", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html", }, { name: "IV72872", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872", }, { name: "SUSE-SU-2016:0428", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "SUSE-SU-2016:0399", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21974194", }, { name: "82451", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/82451", }, { name: "SUSE-SU-2016:0431", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-5041", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:0401", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html", }, { name: "IV72872", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872", }, { name: "SUSE-SU-2016:0428", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html", }, { name: "RHSA-2016:1430", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "SUSE-SU-2016:0399", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21974194", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21974194", }, { name: "82451", refsource: "BID", url: "http://www.securityfocus.com/bid/82451", }, { name: "SUSE-SU-2016:0431", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-5041", datePublished: "2016-06-06T17:00:00", dateReserved: "2015-06-24T00:00:00", dateUpdated: "2024-08-06T06:32:32.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0264 (GCVE-0-2016-0264)
Vulnerability from cvelistv5
Published
2016-05-24 15:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:23.235Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "SUSE-SU-2016:1299", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "SUSE-SU-2016:1303", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2016:0708", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "SUSE-SU-2016:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "IV84035", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035", }, { name: "RHSA-2016:0716", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035953", }, { name: "SUSE-SU-2016:1388", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-26T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "SUSE-SU-2016:1299", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "SUSE-SU-2016:1303", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2016:0708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "SUSE-SU-2016:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "IV84035", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035", }, { name: "RHSA-2016:0716", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035953", }, { name: "SUSE-SU-2016:1388", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0264", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "SUSE-SU-2016:1299", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "SUSE-SU-2016:1303", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "RHSA-2016:0708", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "SUSE-SU-2016:1458", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "IV84035", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035", }, { name: "RHSA-2016:0716", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035953", }, { name: "SUSE-SU-2016:1388", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1216", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0264", datePublished: "2016-05-24T15:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:23.235Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1931 (GCVE-0-2015-1931)
Vulnerability from cvelistv5
Published
2020-01-23 18:42
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21962302 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2015-1485.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2015-1486.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2015-1488.html | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2015-1544.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2015-1604.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/75985 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:02:42.523Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/75985", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-15T00:00:00", descriptions: [ { lang: "en", value: "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:38:04", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", }, { tags: [ "x_refsource_MISC", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { tags: [ "x_refsource_MISC", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { tags: [ "x_refsource_MISC", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", }, { tags: [ "x_refsource_MISC", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { tags: [ "x_refsource_MISC", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/75985", }, { tags: [ "x_refsource_MISC", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-1931", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Other", }, ], }, ], }, references: { reference_data: [ { name: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", refsource: "MISC", url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", refsource: "MISC", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", refsource: "MISC", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { name: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { name: "http://www.securityfocus.com/bid/75985", refsource: "MISC", url: "http://www.securityfocus.com/bid/75985", }, { name: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", refsource: "MISC", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-1931", datePublished: "2020-01-23T18:42:52", dateReserved: "2015-02-19T00:00:00", dateUpdated: "2024-08-06T05:02:42.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0363 (GCVE-0-2016-0363)
Vulnerability from cvelistv5
Published
2016-06-03 14:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:24.000Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "85895", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/85895", }, { name: "SUSE-SU-2016:1299", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "SUSE-SU-2016:1303", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf", }, { name: "RHSA-2016:0708", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Apr/20", }, { name: "SUSE-SU-2016:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "RHSA-2016:0716", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035953", }, { name: "20160404 [SE-2012-01] Broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Apr/3", }, { name: "SUSE-SU-2016:1388", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { name: "IX90172", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-04T00:00:00", descriptions: [ { lang: "en", value: "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "85895", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/85895", }, { name: "SUSE-SU-2016:1299", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "SUSE-SU-2016:1303", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { tags: [ "x_refsource_MISC", ], url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf", }, { name: "RHSA-2016:0708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Apr/20", }, { name: "SUSE-SU-2016:1458", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "RHSA-2016:0716", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035953", }, { name: "20160404 [SE-2012-01] Broken security fix in IBM Java 7/8", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Apr/3", }, { name: "SUSE-SU-2016:1388", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { name: "IX90172", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0363", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21980826", }, { name: "85895", refsource: "BID", url: "http://www.securityfocus.com/bid/85895", }, { name: "SUSE-SU-2016:1299", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html", }, { name: "RHSA-2016:1039", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1039.html", }, { name: "RHSA-2016:0701", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0701.html", }, { name: "SUSE-SU-2016:1303", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", }, { name: "SUSE-SU-2016:1475", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html", }, { name: "SUSE-SU-2016:1300", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", }, { name: "RHSA-2016:1430", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1430", }, { name: "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf", refsource: "MISC", url: "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf", }, { name: "RHSA-2016:0708", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0708.html", }, { name: "SUSE-SU-2016:1378", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", }, { name: "SUSE-SU-2016:1379", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html", }, { name: "20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Apr/20", }, { name: "SUSE-SU-2016:1458", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html", }, { name: "RHSA-2016:0716", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0716.html", }, { name: "1035953", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035953", }, { name: "20160404 [SE-2012-01] Broken security fix in IBM Java 7/8", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Apr/3", }, { name: "SUSE-SU-2016:1388", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html", }, { name: "RHSA-2016:0702", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0702.html", }, { name: "RHSA-2017:1216", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1216", }, { name: "IX90172", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0363", datePublished: "2016-06-03T14:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:24.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-27267 (GCVE-0-2024-27267)
Vulnerability from cvelistv5
Published
2024-08-14 15:59
Modified
2024-08-14 18:28
Severity ?
EPSS score ?
Summary
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7165421 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/284573 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | SDK, Java Technology Edition |
Version: 7.1.0.0 ≤ 7.1.5.18 Version: 8.0.0.0 ≤ 8.0.8.26 cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:* cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:* cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:* cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27267", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:27:40.627571Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:28:56.564Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*", ], defaultStatus: "unaffected", product: "SDK, Java Technology Edition", vendor: "IBM", versions: [ { lessThanOrEqual: "7.1.5.18", status: "affected", version: "7.1.0.0", versionType: "semver", }, { lessThanOrEqual: "8.0.8.26", status: "affected", version: "8.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", }, ], value: "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-300", description: "CWE-300 Channel Accessible by Non-Endpoint", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T15:59:46.807Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7165421", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/284573", }, ], source: { discovery: "UNKNOWN", }, title: "IBM SDK, Java Technology Edition denial of service", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-27267", datePublished: "2024-08-14T15:59:46.807Z", dateReserved: "2024-02-22T01:26:39.521Z", dateUpdated: "2024-08-14T18:28:56.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-0878 (GCVE-0-2014-0878)
Vulnerability from cvelistv5
Published
2014-05-26 19:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:27:20.270Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "59022", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59022", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680750", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679610", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676672", }, { name: "59058", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59058", }, { name: "61264", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61264", }, { name: "ibm-java-cve20140878-weak-sec(91084)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91084", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689593", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681256", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674539", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686717", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21683484", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673836", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21677387", }, { name: "59023", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59023", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672043", }, { name: "67601", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/67601", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21675343", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676703", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21675588", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-05-05T00:00:00", descriptions: [ { lang: "en", value: "The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "59022", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59022", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680750", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679610", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676672", }, { name: "59058", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59058", }, { name: "61264", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61264", }, { name: "ibm-java-cve20140878-weak-sec(91084)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91084", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689593", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681256", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674539", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686717", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21683484", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673836", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21677387", }, { name: "59023", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59023", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672043", }, { name: "67601", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/67601", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21675343", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676703", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21675588", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-0878", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "59022", refsource: "SECUNIA", url: "http://secunia.com/advisories/59022", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21680750", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680750", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21679610", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679610", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21676672", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676672", }, { name: "59058", refsource: "SECUNIA", url: "http://secunia.com/advisories/59058", }, { name: "61264", refsource: "SECUNIA", url: "http://secunia.com/advisories/61264", }, { name: "ibm-java-cve20140878-weak-sec(91084)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91084", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21689593", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689593", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21681256", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21681256", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21674539", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674539", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686717", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686717", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21683484", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21683484", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21673836", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673836", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21677387", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21677387", }, { name: "59023", refsource: "SECUNIA", url: "http://secunia.com/advisories/59023", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21672043", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21672043", }, { name: "67601", refsource: "BID", url: "http://www.securityfocus.com/bid/67601", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21675343", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21675343", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21676703", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676703", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21675588", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21675588", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-0878", datePublished: "2014-05-26T19:00:00", dateReserved: "2014-01-06T00:00:00", dateUpdated: "2024-08-06T09:27:20.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-8892 (GCVE-0-2014-8892)
Vulnerability from cvelistv5
Published
2015-03-06 23:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:33:12.653Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { name: "RHSA-2015:0136", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { name: "73259", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/73259", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189145", }, { name: "SUSE-SU-2015:0376", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { name: "RHSA-2015:0264", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { name: "SUSE-SU-2015:0392", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { name: "SUSE-SU-2015:0345", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { name: "SUSE-SU-2015:0343", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { name: "SUSE-SU-2015:0306", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { name: "SUSE-SU-2015:1073", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { name: "SUSE-SU-2015:0344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { name: "SUSE-SU-2015:0304", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-06T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-29T18:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { name: "RHSA-2015:0136", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { name: "73259", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/73259", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189145", }, { name: "SUSE-SU-2015:0376", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { name: "RHSA-2015:0264", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { name: "SUSE-SU-2015:0392", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { name: "SUSE-SU-2015:0345", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { name: "SUSE-SU-2015:0343", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { name: "SUSE-SU-2015:0306", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { name: "SUSE-SU-2015:1073", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { name: "SUSE-SU-2015:0344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { name: "SUSE-SU-2015:0304", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-8892", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", refsource: "CONFIRM", url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { name: "RHSA-2015:0136", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { name: "73259", refsource: "BID", url: "http://www.securityfocus.com/bid/73259", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1189145", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189145", }, { name: "SUSE-SU-2015:0376", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { name: "RHSA-2015:0264", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { name: "SUSE-SU-2015:0392", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { name: "SUSE-SU-2015:0345", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { name: "SUSE-SU-2015:0343", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { name: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", refsource: "CONFIRM", url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { name: "SUSE-SU-2015:0306", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { name: "SUSE-SU-2015:1073", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { name: "SUSE-SU-2015:0344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { name: "SUSE-SU-2015:0304", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-8892", datePublished: "2015-03-06T23:00:00", dateReserved: "2014-11-14T00:00:00", dateUpdated: "2024-08-06T13:33:12.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-8891 (GCVE-0-2014-8891)
Vulnerability from cvelistv5
Published
2015-03-06 23:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:33:11.878Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { name: "RHSA-2015:0136", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { name: "SUSE-SU-2015:0376", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { name: "RHSA-2015:0264", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { name: "SUSE-SU-2015:0392", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { name: "SUSE-SU-2015:0345", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { name: "SUSE-SU-2015:0343", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { name: "SUSE-SU-2015:0306", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { name: "SUSE-SU-2015:1073", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { name: "SUSE-SU-2015:0344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189142", }, { name: "SUSE-SU-2015:0304", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-06T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-23T18:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { name: "RHSA-2015:0136", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { name: "SUSE-SU-2015:0376", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { name: "RHSA-2015:0264", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { name: "SUSE-SU-2015:0392", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { name: "SUSE-SU-2015:0345", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { name: "SUSE-SU-2015:0343", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { name: "SUSE-SU-2015:0306", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { name: "SUSE-SU-2015:1073", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { name: "SUSE-SU-2015:0344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189142", }, { name: "SUSE-SU-2015:0304", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-8891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", refsource: "CONFIRM", url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015", }, { name: "RHSA-2015:0136", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0136.html", }, { name: "SUSE-SU-2015:0376", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", }, { name: "RHSA-2015:0264", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0264.html", }, { name: "SUSE-SU-2015:0392", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", }, { name: "SUSE-SU-2015:0345", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", }, { name: "SUSE-SU-2015:0343", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html", }, { name: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", refsource: "CONFIRM", url: "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", }, { name: "SUSE-SU-2015:0306", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html", }, { name: "SUSE-SU-2015:1073", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", }, { name: "SUSE-SU-2015:0344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1189142", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1189142", }, { name: "SUSE-SU-2015:0304", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-8891", datePublished: "2015-03-06T23:00:00", dateReserved: "2014-11-14T00:00:00", dateUpdated: "2024-08-06T13:33:11.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }