CVE-2015-1914

Published Jul 2, 2015

Last updated 6 years ago

CVSS info 5.0

Overview

Description: IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D291505-B2CB-48F6-B4B9-8343DB71B4A2",
            "versionEndExcluding": "5.0.16.10",
            "versionStartIncluding": "5.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34A916D0-0419-47B4-91D7-3E1E74233DEC",
            "versionEndExcluding": "6.0.16.4",
            "versionStartIncluding": "6.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE2C442C-B649-4BEE-A228-467597CCA5F7",
            "versionEndExcluding": "6.1.8.4",
            "versionStartIncluding": "6.1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A22DE1A-87C0-42EE-85ED-368F168D4DAF",
            "versionEndExcluding": "7.0.9.0",
            "versionStartIncluding": "7.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A058B1EB-3B24-430C-A278-7ABF45262756",
            "versionEndExcluding": "7.1.3.0",
            "versionStartIncluding": "7.1.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References