CVE-2015-4902 — MEDIUM (5.3)

Vulnerability Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Jdk	1.6.0
Oracle	Jre	1.6.0
Redhat	Satellite	5.6
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	6.7
Redhat	Enterprise Linux Eus Compute Node	7.2
Redhat	Enterprise Linux For Ibm Z Systems	5.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	6.7_s390x
Redhat	Enterprise Linux For Power Big Endian	5.0_ppc
Redhat	Enterprise Linux For Power Big Endian Eus	6.7_ppc64
Redhat	Enterprise Linux For Power Little Endian	7.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	7.2_ppc64le
Redhat	Enterprise Linux For Scientific Computing	6.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server From Rhui	5.0
Redhat	Enterprise Linux Workstation	5.0
Suse	Linux Enterprise Module For Legacy	12
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Suse	Linux Enterprise Server	10

Related Weaknesses (CWE)

CWE-284

References

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1926.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1927.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1928.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2506.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2507.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2508.htmlThird Party Advisory

FAQ

What is CVE-2015-4902?

CVE-2015-4902 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

How severe is CVE-2015-4902?

CVE-2015-4902 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4902?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Oracle Jre, Redhat Satellite, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.