CVE-2015-5041

Published: Jun 6, 2016Modified: May 6, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

Affected (14)

Products: Ibm: Java Sdk, Websphere Application Server · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit, Suse Linux Enterprise Server · Redhat: Satellite

2 products

Websphere Application Server

3 products

Linux Enterprise Server

Linux Enterprise Software Development Kit

Suse Linux Enterprise Server

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Java Sdk	From 6.0.0.0 to 6.0.16.20
Ibm Java Sdk	From 6.1.0.0 to 6.1.8.20
Ibm Java Sdk	From 7.0.0.0 to 7.0.9.30
Ibm Java Sdk	From 7.1.0.0 to 7.1.3.30

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 11 sp2
Suse Linux Enterprise Server	Version 11 sp4
Suse Linux Enterprise Server	Version 12 sp1
Suse Linux Enterprise Software Development Kit	Version 11 sp4
Suse Linux Enterprise Software Development Kit	Version 12
Suse Linux Enterprise Software Development Kit	Version 12 sp1
Suse Suse Linux Enterprise Server	Version 12

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Application Server	Up to 3.0.9.20

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 5.6
Redhat Satellite	Version 5.7

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html

Source: psirt@us.ibm.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html

Source: psirt@us.ibm.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html

Source: psirt@us.ibm.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html

Source: psirt@us.ibm.com

Mailing ListThird Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21974194

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/82451

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1430

Source: psirt@us.ibm.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21974194

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/82451

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1430

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.