Information Disclosure in IBM Java SDK Versions
CVE-2015-1931

5.5MEDIUM

Key Information:

Vendor
IBM
Status
Java Sdk
Vendor
CVE Published:
29 September 2022

Summary

The IBM SDK, Java Technology Edition prior to specific service releases contains a vulnerability where it stores sensitive information as plaintext in memory dumps. This could potentially allow local users to access confidential data by reading files that should be protected. Affected versions include IBM Java SDK 8 (before SR1 FP10), 7 R1 (before SR3 FP10), 7 (before SR9 FP10), 6 R1 (before SR8 FP7), 6 (before SR16 FP7), and 5.0 (before SR16 FP13). Users are advised to update to the latest versions to mitigate risks associated with unauthorized information disclosure.

References

http://lists.opensuse.org/opensuse-security-announce/2015...
x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21962302
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2015-1485.html
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.