CVE-2015-1931

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM SDK, Java Technology Edition versions 8 before SR1 FP10 IBM SDK, Java Technology Edition 7 R1 before SR3 FP10 IBM SDK, Java Technology Edition 7 before SR9 FP10 IBM SDK, Java Technology Edition 6 R1 before SR8 FP7 IBM SDK, Java Technology Edition 6 before SR16 FP7 IBM SDK, Java Technology Edition 5.0 before SR16 FP13

Description The issue allows local users to obtain sensitive information by reading a file, as plaintext information is stored in memory dumps.

Recommendations For IBM SDK, Java Technology Edition 8 before SR1 FP10, update to SR1 FP10 or later. For IBM SDK, Java Technology Edition 7 R1 before SR3 FP10, update to SR3 FP10 or later. For IBM SDK, Java Technology Edition 7 before SR9 FP10, update to SR9 FP10 or later. For IBM SDK, Java Technology Edition 6 R1 before SR8 FP7, update to SR8 FP7 or later. For IBM SDK, Java Technology Edition 6 before SR16 FP7, update to SR16 FP7 or later. For IBM SDK, Java Technology Edition 5.0 before SR16 FP13, update to SR16 FP13 or later.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2015-1931

RHSA-2015:1485

RHSA-2015:1486

RHSA-2015:1488

RHSA-2015:1544

RHSA-2015:1604

RHSA-2015_1485

RHSA-2015_1486

RHSA-2015_1544

SUSE-SU-2015:1329-1

SUSE-SU-2015:1331-1

SUSE-SU-2015:1345-1

SUSE-SU-2015:1375-1

SUSE-SU-2015:1509-1

SUSE-SU-2015_1329-1

SUSE-SU-2015_1331-1

SUSE-SU-2015_1345-1

SUSE-SU-2015_1509-1

Affected Products

Ibm Aix

Ibm Sdk

Red Hat

Suse

CVE-2015-1931

Weakness Enumeration

Related Identifiers

Affected Products

References · 113