CVE-2015-5041critical
Description
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
References
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
http://www.securityfocus.com/bid/82451
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872
Details
Source: MITRE
Published: 2016-06-06
Updated: 2019-06-19
Type: CWE-200
Risk Information
CVSS v2
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL