CVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21883640	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1091.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1021.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1020.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1007.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1006.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:java::::::::
	cpe:2.3:a:ibm:java::::::::
	cpe:2.3:a:ibm:java::::::::
	cpe:2.3:a:ibm:java::::::::
	cpe:2.3:a:ibm:java::::::::
	cpe:2.3:a:ibm:java::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*

Information

Published : 2015-07-02 14:59

Updated : 2019-06-03 08:51

NVD link : CVE-2015-0192

Mitre link : CVE-2015-0192

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux_server_eus
enterprise_linux_server

suse

linux_enterprise_server
linux_enterprise_software_development_kit

ibm

java

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70682", "name": "IV70682", "tags": ["Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70683", "name": "IV70683", "tags": ["Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html", "name": "RHSA-2015:1091", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html", "name": "RHSA-2015:1021", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html", "name": "RHSA-2015:1020", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html", "name": "RHSA-2015:1007", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html", "name": "RHSA-2015:1006", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", "name": "SUSE-SU-2015:1161", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", "name": "SUSE-SU-2015:1138", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", "name": "SUSE-SU-2015:1086", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", "name": "SUSE-SU-2015:1085", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", "name": "SUSE-SU-2015:1073", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0192", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-07-02T21:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.1.2.11", "versionStartIncluding": "7.1.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.1.0", "versionStartIncluding": "8.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.0.16.10", "versionStartIncluding": "5.0.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.8.4", "versionStartIncluding": "6.1.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.16.4", "versionStartIncluding": "6.0.0.0"}, {"cpe23Uri": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0.9", "versionStartIncluding": "7.0.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-06-03T15:51Z"}

7.5 /10