2.1
CVE-2015-5006
- EPSS 0.48%
- Veröffentlicht 07.12.2015 20:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Java 2 Sdk SwEditiontechnology Version >= 5.0.0.0 <= 5.0.16.13
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Eus Version6.7
Redhat ≫ Enterprise Linux Server Eus Version7.2
Redhat ≫ Enterprise Linux Server Eus Version7.3
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Suse ≫ Linux Enterprise Server Version11 Updatesp4
Suse ≫ Linux Enterprise Server Version12
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.377 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
http://rhn.redhat.com/errata/RHSA-2015-2506.html
http://rhn.redhat.com/errata/RHSA-2015-2507.html
http://rhn.redhat.com/errata/RHSA-2015-2508.html
http://rhn.redhat.com/errata/RHSA-2015-2509.html
https://access.redhat.com/errata/RHSA-2016:1430
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
http://www-01.ibm.com/support/docview.wss?uid=swg21969225
http://www.securityfocus.com/bid/77645
http://www.securitytracker.com/id/1034214