5.5 - CVE-2015-1931

Executive Summary

Informations
Name	CVE-2015-1931	First vendor Publication	2022-09-29
Vendor	Cve	Last vendor Modification	2022-09-30

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score	5.5
Base Score	5.5	Environmental Score	5.5
impact SubScore	3.6	Temporal Score	5.5
Exploitabality Sub Score	1.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1931

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-312	Cleartext Storage of Sensitive Information

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28880

Oval ID:	oval:org.mitre.oval:def:28880
Title:	Vulnerability in IBM SDK Java JSSE affects AIX
Description:	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2015-1931	Version:	2
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.615 AND Java5_64.sdk less than 5.0.0.615 AND Java6.sdk less than 6.0.0.495 AND Java6_64.sdk less than 6.0.0.495 AND Java7.sdk less than 7.0.0.255 AND Java7_64.sdk less than 7.0.0.255 AND Java71.sdk less than 7.1.0.135 AND Java71_64.sdk less than 7.1.0.135

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ibm Java Sdk cpe:2.3:a:ibm:java_sdk:8.0.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.1.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.6.1::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.6.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.5.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.4.2::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.4.1::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.4.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.3.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.2.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.1.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.1.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.9.2::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.9.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.9.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.8.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.8.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.7.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.6.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.5.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.4.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.3.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.2.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.15.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.15.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.14.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.13.2::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.13.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.13.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.12.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.11.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.10.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.10.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.1.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.5::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.4::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.3::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.2::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.1::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.15.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.14.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.13.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.5::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.4::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.3::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.2::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.1::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.11.2::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.11.1::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.11.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:::::technology:::*	56
Application	Redhat Satellite cpe:2.3:a:redhat:satellite:5.7:::::::* cpe:2.3:a:redhat:satellite:5.6:::::::*	2
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*	3
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*	6
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*	3
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::* cpe:2.3:o:suse:linux_enterprise_server:11:sp4:::::: cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::* cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:-::	5
Os	Suse Linux Enterprise Software Development Kit cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::	2

Nessus® Vulnerability Scanner

Date	Description
2015-09-09	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1509-1.nasl - Type : ACT_GATHER_INFO
2015-08-17	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_july2015_advisory.nasl - Type : ACT_GATHER_INFO
2015-08-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1604.nasl - Type : ACT_GATHER_INFO
2015-08-13	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1375-1.nasl - Type : ACT_GATHER_INFO
2015-08-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1544.nasl - Type : ACT_GATHER_INFO
2015-08-04	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1329-1.nasl - Type : ACT_GATHER_INFO
2015-08-04	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1331-1.nasl - Type : ACT_GATHER_INFO
2015-07-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1488.nasl - Type : ACT_GATHER_INFO
2015-07-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1485.nasl - Type : ACT_GATHER_INFO
2015-07-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1486.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
MISC	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2015-1485.html http://rhn.redhat.com/errata/RHSA-2015-1486.html http://rhn.redhat.com/errata/RHSA-2015-1488.html http://rhn.redhat.com/errata/RHSA-2015-1544.html http://rhn.redhat.com/errata/RHSA-2015-1604.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182 http://www-01.ibm.com/support/docview.wss?uid=swg21962302 http://www.securityfocus.com/bid/75985

Source

Url

MISC

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html
http://rhn.redhat.com/errata/RHSA-2015-1485.html
http://rhn.redhat.com/errata/RHSA-2015-1486.html
http://rhn.redhat.com/errata/RHSA-2015-1488.html
http://rhn.redhat.com/errata/RHSA-2015-1544.html
http://rhn.redhat.com/errata/RHSA-2015-1604.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182
http://www-01.ibm.com/support/docview.wss?uid=swg21962302
http://www.securityfocus.com/bid/75985

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-09-30 09:27:15	Multiple Updates
2022-09-30 02:11:22	Multiple Updates
2022-09-30 01:21:13	Multiple Updates
2022-09-29 21:27:10	Multiple Updates
2022-09-29 09:27:13	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	80
Sources(s)	10
Nessus® Exploit(s)	10

	Related
10	RHSA-2015:1544
10	RHSA-2015:1488
10	RHSA-2015:1486
10	RHSA-2015:1485
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

5.5 - CVE-2015-1931

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU