CVE-2015-0192
critical
CVSS v3
9.8
CVSS v2
7.5
VIR risk
9.8
Description
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21883640
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 5.0 | affected | |
| rhel | 6.0 | affected | |
| rhel | 7.0 | affected | |
| suse | 10 | affected | |
| suse | 11 | affected | |
| suse | 12 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | java | {"startIncluding":"5.0.0.0","endExcluding":"5.0.16.10"} | 5.0.16.10 |
References
- http://rhn.redhat.com/errata/RHSA-2015-1007.html
- http://rhn.redhat.com/errata/RHSA-2015-1006.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683
- http://rhn.redhat.com/errata/RHSA-2015-1091.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21883640
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2015-1020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2015-1021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
CWEs
CWE-269
Verify integrity in audit chain (admin only). AS-IS.