CVE-2015-1931
MEDIUMIBM Java SDK 5.0.0.0-5.0.16.12 - Cleartext Storage of Sensitive Information in Memory Dumps
Title source: llmDescription
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
References (10)
Core 10
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html
Vendor Advisory x_refsource_misc
http://www-01.ibm.com/support/docview.wss?uid=swg21962302
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2015-1485.html
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2015-1486.html
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2015-1488.html
Vendor Advisory x_refsource_misc
http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2015-1544.html
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2015-1604.html
Broken Link x_refsource_misc
http://www.securityfocus.com/bid/75985
Mailing List, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
16.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (20)
ibm/java_sdk
5.0.0.0 - 5.0.16.13
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_eus
6.7
redhat/enterprise_linux_eus
7.1
redhat/enterprise_linux_eus
7.2
redhat/enterprise_linux_eus
7.3
redhat/enterprise_linux_eus
7.4
redhat/enterprise_linux_eus
7.5
... and 10 more
Published
Sep 29, 2022
Tracked Since
Feb 18, 2026