CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

Published: Jun 6, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-5041
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ibm / java_sdk	6.1.0.0	6.1.8.20
ibm / java_sdk	6.0.0.0	6.0.16.20
ibm / java_sdk	7.0.0.0	7.0.9.30
ibm / java_sdk	7.1.0.0	7.1.3.30
suse / linux_enterprise_server	11-sp4	11-sp4.x
suse / linux_enterprise_software_development_kit	12-sp1	12-sp1.x
suse / linux_enterprise_software_development_kit	12	12.x
suse / linux_enterprise_server	12-sp1	12-sp1.x
suse / linux_enterprise_software_development_kit	11-sp4	11-sp4.x
suse / linux_enterprise_server	11-sp2	11-sp2.x
suse / suse_linux_enterprise_server	12	12.x
ibm / websphere_application_server	-	3.0.9.20.x
redhat / satellite	5.7	5.7.x
redhat / satellite	5.6	5.6.x

Vulnerability Database

289,599

CVE-2015-5041