CVE Vulnerabilities

CVE-2015-1931

Cleartext Storage of Sensitive Information

Published: Sep 29, 2022 | Modified: Nov 21, 2024
CVSS 3.x: 5.5 MEDIUM
Source: NVD
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.x (RedHat/V2): 1.9 LOW
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Java_sdk | Ibm | 5.0.0.0 (including) | 5.0.16.13 (excluding) |
| Java_sdk | Ibm | 6.0.0.0 (including) | 6.0.16.7 (excluding) |
| Java_sdk | Ibm | 6.1.0.0 (including) | 6.1.8.7 (excluding) |
| Java_sdk | Ibm | 7.0.0.0 (including) | 7.0.9.10 (excluding) |
| Java_sdk | Ibm | 7.1.0.0 (including) | 7.1.3.10 (excluding) |
| Java_sdk | Ibm | 8.0.0.0 (including) | 8.0.1.10 (excluding) |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7 | * |
| Red Hat Satellite 5.6 | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5 | * |
| Red Hat Satellite 5.7 | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7 | * |
| Supplementary for Red Hat Enterprise Linux 7 | RedHat | java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.el7_1 | * |

Potential Mitigations

References