CVE-2015-0192

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

References

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

http://rhn.redhat.com/errata/RHSA-2015-1006.html

http://rhn.redhat.com/errata/RHSA-2015-1007.html

http://rhn.redhat.com/errata/RHSA-2015-1020.html

http://rhn.redhat.com/errata/RHSA-2015-1021.html

http://rhn.redhat.com/errata/RHSA-2015-1091.html

http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682

http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

Details

Source: MITRE

Published: 2015-07-02

Updated: 2019-06-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 6.0.0.0 to 6.0.16.4 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 7.0.0.0 to 7.0.9 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
119967SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
85379SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1375-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
84441SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84425SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84423SUSE SLES11 Security Update : Java (SUSE-SU-2015:1086-3) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84337SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84286SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84285SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1085-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84260SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)NessusSuSE Local Security Checks
critical
84143RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
84087AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)NessusAIX Local Security Checks
critical
83754RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83753RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1020) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83433RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83432RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:1006) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical