Sensitive Information Exposure in IBM Java Security Components
CVE-2015-5006

Currently unrated

Key Information:

Vendor: IBM
Status: Java 2 Sdk; Java Sdk
Vendor: CVE Published:; 7 December 2015

Summary

The IBM SDK, Java Technology Edition has a vulnerability that allows attackers with physical access to a system to retrieve sensitive information from the Kerberos Credential Cache. This exposure could lead to unauthorized access to secure resources since credentials stored in the cache can be misappropriated by malicious individuals. Users should ensure they are using the latest versions of IBM SDK to mitigate this risk.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Dec 7, 2015
Vulnerability Reserved
Jun 24, 2015