Information Disclosure in IBM Java SDK Versions
CVE-2015-1931
5.5MEDIUM
Summary
The IBM SDK, Java Technology Edition prior to specific service releases contains a vulnerability where it stores sensitive information as plaintext in memory dumps. This could potentially allow local users to access confidential data by reading files that should be protected. Affected versions include IBM Java SDK 8 (before SR1 FP10), 7 R1 (before SR3 FP10), 7 (before SR9 FP10), 6 R1 (before SR8 FP7), 6 (before SR16 FP7), and 5.0 (before SR16 FP13). Users are advised to update to the latest versions to mitigate risks associated with unauthorized information disclosure.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved