IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Java_sdk | Ibm | 5.0.0.0 (including) | 5.0.16.13 (excluding) |
| Java_sdk | Ibm | 6.0.0.0 (including) | 6.0.16.7 (excluding) |
| Java_sdk | Ibm | 6.1.0.0 (including) | 6.1.8.7 (excluding) |
| Java_sdk | Ibm | 7.0.0.0 (including) | 7.0.9.10 (excluding) |
| Java_sdk | Ibm | 7.1.0.0 (including) | 7.1.3.10 (excluding) |
| Java_sdk | Ibm | 8.0.0.0 (including) | 8.0.1.10 (excluding) |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7 | * |
| Red Hat Satellite 5.6 | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5 | * |
| Red Hat Satellite 5.7 | RedHat | java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7 | * |
| Supplementary for Red Hat Enterprise Linux 7 | RedHat | java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.el7_1 | * |