Java Remote Code Execution Vulnerability in Rogue Wave JViews by Rogue Wave Software
CVE-2015-8965

9.8CRITICAL

Key Information:

Vendor

Perforce

Status
Jviews
Vendor
CVE Published:
6 April 2017

What is CVE-2015-8965?

The vulnerability stems from the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar, which allows unauthorized remote attackers to execute arbitrary Java code within the classpath. This lack of explicit servlet configuration enables attackers to exploit the system by running harmful code, raising significant security concerns for users of the affected versions of Rogue Wave JViews.

References

https://www.oracle.com/technetwork/security-advisory/cpuj...
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://rwkbp.makekb.com/?View=entry&EntryID=2521
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.