Java Virtual Machine Vulnerability in IBM SDK
CVE-2014-8891

Currently unrated

Key Information:

Vendor: IBM
Status: Java Sdk
Vendor: CVE Published:; 6 March 2015

Summary

An unspecified vulnerability in the Java Virtual Machine within the IBM SDK, Java Technology Edition, allows remote attackers to escape the Java sandbox. This can lead to the execution of arbitrary code through various unspecified vectors related to the security manager. Affected versions include 5.0, 6, 6R1, 7, and 7R1, which prior to specific service releases are susceptible to this serious security flaw.

References

http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Se...

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2015-0136.html

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2015
Vulnerability Reserved
Nov 14, 2014