CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1485.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1486.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1488.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1544.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1604.html	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962302	Vendor Advisory
http://www.securityfocus.com/bid/75985	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:java_sdk:::::technology:::*
	cpe:2.3:a:ibm:java_sdk:::::technology:::*
	cpe:2.3:a:ibm:java_sdk:::::technology:::*
	cpe:2.3:a:ibm:java_sdk:::::technology:::*
	cpe:2.3:a:ibm:java_sdk:::::technology:::*
	cpe:2.3:a:ibm:java_sdk:::::technology:::*

Configuration 2 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:-::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:satellite:5.6:::::::*
	cpe:2.3:a:redhat:satellite:5.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

30 Sep 2022, 03:04

Type	Values Removed	Values Added
References	~~(MISC) http://rhn.redhat.com/errata/RHSA-2015-1486.html -~~	(MISC) http://rhn.redhat.com/errata/RHSA-2015-1486.html - Third Party Advisory
References	~~(MISC) http://rhn.redhat.com/errata/RHSA-2015-1544.html -~~	(MISC) http://rhn.redhat.com/errata/RHSA-2015-1544.html - Third Party Advisory
References	~~(MISC) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html -~~	(MISC) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html - Mailing List, Third Party Advisory
References	~~(MISC) http://www-01.ibm.com/support/docview.wss?uid=swg21962302 -~~	(MISC) http://www-01.ibm.com/support/docview.wss?uid=swg21962302 - Vendor Advisory
References	~~(MISC) http://www.securityfocus.com/bid/75985 -~~	(MISC) http://www.securityfocus.com/bid/75985 - Broken Link
References	~~(MISC) http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182 -~~	(MISC) http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182 - Vendor Advisory
References	~~(MISC) http://rhn.redhat.com/errata/RHSA-2015-1604.html -~~	(MISC) http://rhn.redhat.com/errata/RHSA-2015-1604.html - Third Party Advisory
References	~~(MISC) http://rhn.redhat.com/errata/RHSA-2015-1488.html -~~	(MISC) http://rhn.redhat.com/errata/RHSA-2015-1488.html - Third Party Advisory
References	~~(MISC) http://rhn.redhat.com/errata/RHSA-2015-1485.html -~~	(MISC) http://rhn.redhat.com/errata/RHSA-2015-1485.html - Third Party Advisory
References	~~(MISC) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html -~~	(MISC) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html - Mailing List, Third Party Advisory
First Time		Suse linux Enterprise Server Redhat satellite Ibm Redhat Ibm java Sdk Suse linux Enterprise Software Development Kit Redhat enterprise Linux Eus Redhat enterprise Linux Desktop Suse Redhat enterprise Linux Server Redhat enterprise Linux Workstation
CWE		CWE-312
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::* cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::* cpe:2.3:o:suse:linux_enterprise_server:11:sp4:::::: cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::* cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:a:ibm:java_sdk:::::technology:::* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:::::: cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:a:redhat:satellite:5.7:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:::::: cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::* cpe:2.3:a:redhat:satellite:5.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:-::

29 Sep 2022, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-29 03:15

Updated : 2023-12-10 14:35

NVD link : CVE-2015-1931

Mitre link : CVE-2015-1931

CVE.ORG link : CVE-2015-1931

JSON object : View

Products Affected

suse

linux_enterprise_server
linux_enterprise_software_development_kit

redhat

enterprise_linux_workstation
enterprise_linux_desktop
enterprise_linux_server
satellite
enterprise_linux_eus

ibm

java_sdk

CWE

CWE-312

Cleartext Storage of Sensitive Information

5.5 /10