CVE-2015-5041 — CRITICAL (9.1)

Q: How severe is CVE-2015-5041?

CVE-2015-5041 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-5041?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Java Sdk, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Suse Suse Linux Enterprise Server, Ibm Websphere Application Server.

Vulnerability Description

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Java Sdk	>= 6.0.0.0, < 6.0.16.20
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Suse	Suse Linux Enterprise Server	12
Ibm	Websphere Application Server	<= 3.0.9.20
Redhat	Satellite	5.6

Related Weaknesses (CWE)

CWE-200

References

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.htmlMailing ListThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21974194Vendor Advisory
http://www.securityfocus.com/bid/82451Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.htmlMailing ListThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21974194Vendor Advisory
http://www.securityfocus.com/bid/82451Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-5041?

CVE-2015-5041 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject d...

How severe is CVE-2015-5041?

CVE-2015-5041 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-5041?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Java Sdk, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Suse Suse Linux Enterprise Server, Ibm Websphere Application Server.