CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1926.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1927.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1928.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2506.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2507.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2508.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2509.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2518.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/77241	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033884	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1430	Third Party Advisory
https://security.gentoo.org/glsa/201603-11	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1926.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1927.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1928.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2506.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2507.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2508.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2509.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2518.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/77241	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033884	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1430	Third Party Advisory
https://security.gentoo.org/glsa/201603-11	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.6.0:update101::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update85::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update60::::::
	cpe:2.3:a:oracle:jre:1.6.0:update101::::::
	cpe:2.3:a:oracle:jre:1.7.0:update85::::::
	cpe:2.3:a:oracle:jre:1.8.0:update60::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:satellite:5.6:::::::*
	cpe:2.3:a:redhat:satellite:5.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.3_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:suse:linux_enterprise_module_for_legacy:12:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::

History

10 Feb 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-284
CVSS	v2 : ~~5.0~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 5.3

Information

Published : 2015-10-22 00:00

Updated : 2025-04-12 10:46

NVD link : CVE-2015-4902

Mitre link : CVE-2015-4902

CVE.ORG link : CVE-2015-4902

JSON object : View

Products Affected

opensuse

opensuse
leap

redhat

enterprise_linux_workstation
enterprise_linux_for_scientific_computing
enterprise_linux_for_ibm_z_systems
enterprise_linux_eus_compute_node
satellite
enterprise_linux_desktop
enterprise_linux_for_power_big_endian_eus
enterprise_linux_eus
enterprise_linux_server
enterprise_linux_for_power_little_endian_eus
enterprise_linux_server_from_rhui
enterprise_linux_for_power_little_endian
enterprise_linux_for_power_big_endian
enterprise_linux_for_ibm_z_systems_eus

suse

linux_enterprise_module_for_legacy
linux_enterprise_server
linux_enterprise_software_development_kit

oracle

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2015-4902

5.3^/10

5.0^/10

Attach tags to `CVE-2015-4902`