The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html | Mailing List Third Party Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872 | Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg21974194 | Vendor Advisory |
http://www.securityfocus.com/bid/82451 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2016:1430 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2016-06-06 17:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5041
Mitre link : CVE-2015-5041
CVE.ORG link : CVE-2015-5041
JSON object : View
Products Affected
suse
- linux_enterprise_server
- linux_enterprise_software_development_kit
- suse_linux_enterprise_server
ibm
- websphere_application_server
- java_sdk
redhat
- satellite
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor