Vulnerability Description
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Perforce | Jviews | <= 8.8 |
| Oracle | Data Integrator | 12.2.1.3.0 |
Related Weaknesses (CWE)
References
- https://rwkbp.makekb.com/?View=entry&EntryID=2521Vendor Advisory
- https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch
- https://rwkbp.makekb.com/?View=entry&EntryID=2521Vendor Advisory
- https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch
FAQ
What is CVE-2015-8965?
CVE-2015-8965 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue ex...
How severe is CVE-2015-8965?
CVE-2015-8965 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-8965?
Check the references section above for vendor advisories and patch information. Affected products include: Perforce Jviews, Oracle Data Integrator.