CVE-2015-5041
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
| Software | From | Fixed in |
|---|---|---|
| ibm / java_sdk | 6.1.0.0 | 6.1.8.20 |
| ibm / java_sdk | 6.0.0.0 | 6.0.16.20 |
| ibm / java_sdk | 7.0.0.0 | 7.0.9.30 |
| ibm / java_sdk | 7.1.0.0 | 7.1.3.30 |
| suse / linux_enterprise_server | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_software_development_kit | 12-sp1 | 12-sp1.x |
| suse / linux_enterprise_software_development_kit | 12 | 12.x |
| suse / linux_enterprise_server | 12-sp1 | 12-sp1.x |
| suse / linux_enterprise_software_development_kit | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_server | 11-sp2 | 11-sp2.x |
| suse / suse_linux_enterprise_server | 12 | 12.x |
| ibm / websphere_application_server | - | 3.0.9.20.x |
| redhat / satellite | 5.7 | 5.7.x |
| redhat / satellite | 5.6 | 5.6.x |
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
- http://www-01.ibm.com/support/docview.wss?uid=swg21974194
- http://www.securityfocus.com/bid/82451
- https://access.redhat.com/errata/RHSA-2016:1430
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime