5

CVE-2015-1914

IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.

Data is provided by the National Vulnerability Database (NVD)
IbmJava Version >= 5.0.0.0 < 5.0.16.10
IbmJava Version >= 6.0.0.0 < 6.0.16.4
IbmJava Version >= 6.1.0.0 < 6.1.8.4
IbmJava Version >= 7.0.0.0 < 7.0.9.0
IbmJava Version >= 7.1.0.0 < 7.1.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.25% 0.453
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/74645
Third Party Advisory
VDB Entry