cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-27267,https://securityvulnerability.io/vulnerability/CVE-2024-27267,Remote Denial of Service in IBM SDK Java Technology Edition,"The Object Request Broker (ORB) within IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is susceptible to a remote denial of service attack. This vulnerability arises from a race condition in the management of ORB listener threads, which may allow an attacker to disrupt service availability remotely. Organizations using the affected versions should implement appropriate mitigations and consider upgrading to secure versions.",IBM,Java Sdk,5.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T16:15:00.000Z,0
CVE-2023-38264,https://securityvulnerability.io/vulnerability/CVE-2023-38264,IBM SDK Vulnerable to Denial of Service Attack,"The IBM SDK, Java Technology Edition, specifically in its Object Request Broker (ORB) components across various versions, is susceptible to denial of service attacks under certain conditions. This vulnerability arises from improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters, potentially allowing attackers to exploit this flaw and disrupt service availability. Immediate attention and remediation are recommended to mitigate risks associated with this vulnerability.",IBM,"Sdk, Java Technology Edition",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T13:21:00.000Z,0
CVE-2022-40609,https://securityvulnerability.io/vulnerability/CVE-2022-40609,"IBM SDK, Java Technology Edition code execution","The IBM SDK, Java Technology Edition versions 7.1.5.18 and 8.0.8.0 are vulnerable due to an unsafe deserialization flaw that could enable a remote attacker to execute arbitrary code on the affected system. By sending specifically crafted data to the application, the attacker can manipulate the deserialization process, potentially leading to unauthorized access and control over the system. Organizations using these versions should take immediate action to apply the necessary patches to mitigate the risks associated with this vulnerability.",IBM,"Sdk, Java Technology Edition",8.1,HIGH,0.004679999779909849,false,,false,false,false,,,false,false,,2023-08-02T14:21:51.701Z,0
CVE-2023-30441,https://securityvulnerability.io/vulnerability/CVE-2023-30441,IBM Java information disclosure,"The IBM Runtime Environment, specifically the Java Technology Edition components such as IBMJCEPlus and JSSE versions 8.0.7.0 through 8.0.7.11, are susceptible to vulnerabilities that may lead to the exposure of sensitive information. This exposure can arise from a combination of inherent flaws and misconfigurations within these components, allowing attackers to potentially access confidential data, posing a significant risk to organizations relying on this technology.",IBM,Java,7.5,HIGH,0.0027000000700354576,false,,false,false,false,,,false,false,,2023-04-29T15:15:00.000Z,0
CVE-2015-1931,https://securityvulnerability.io/vulnerability/CVE-2015-1931,Information Disclosure in IBM Java SDK Versions,"The IBM SDK, Java Technology Edition prior to specific service releases contains a vulnerability where it stores sensitive information as plaintext in memory dumps. This could potentially allow local users to access confidential data by reading files that should be protected. Affected versions include IBM Java SDK 8 (before SR1 FP10), 7 R1 (before SR3 FP10), 7 (before SR9 FP10), 6 R1 (before SR8 FP7), 6 (before SR16 FP7), and 5.0 (before SR16 FP13). Users are advised to update to the latest versions to mitigate risks associated with unauthorized information disclosure.",IBM,Java Sdk,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2019-4732,https://securityvulnerability.io/vulnerability/CVE-2019-4732,,"IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.",IBM,Java,7.2,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-02-03T17:15:00.000Z,0
CVE-2019-4473,https://securityvulnerability.io/vulnerability/CVE-2019-4473,,"Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.",IBM,Java,8.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-08-05T14:15:00.000Z,0
CVE-2018-1890,https://securityvulnerability.io/vulnerability/CVE-2018-1890,,"IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.",IBM,"Websphere Application Server Patterns,Websphere Application Server,Runtimes For Java Technology",5.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-03-11T22:29:00.000Z,0
CVE-2018-1656,https://securityvulnerability.io/vulnerability/CVE-2018-1656,,"The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.",IBM,"Sdk, Java Technology Edition",7.4,HIGH,0.014030000194907188,false,,false,false,false,,,false,false,,2018-08-20T21:29:00.000Z,0
CVE-2018-1517,https://securityvulnerability.io/vulnerability/CVE-2018-1517,,"A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.",IBM,"Sdk, Java Technology Edition",5.9,MEDIUM,0.023499999195337296,false,,false,false,false,,,false,false,,2018-08-20T21:29:00.000Z,0
CVE-2018-1417,https://securityvulnerability.io/vulnerability/CVE-2018-1417,,"Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.",IBM,"Sdk, Java Technology Edition",8.1,HIGH,0.021150000393390656,false,,false,false,false,,,false,false,,2018-02-22T19:29:00.000Z,0
CVE-2017-1681,https://securityvulnerability.io/vulnerability/CVE-2017-1681,,"IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.",IBM,Liberty For Java For Bluemix,3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-01-11T17:29:00.000Z,0
CVE-2017-1583,https://securityvulnerability.io/vulnerability/CVE-2017-1583,,IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF.,IBM,Liberty For Java For Bluemix,7.5,HIGH,0.002219999907538295,false,,false,false,false,,,false,false,,2017-10-24T21:00:00.000Z,0
CVE-2017-1289,https://securityvulnerability.io/vulnerability/CVE-2017-1289,,"IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.",IBM,Runtimes For Java Technology,8.2,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2017-05-22T20:00:00.000Z,0
CVE-2015-5041,https://securityvulnerability.io/vulnerability/CVE-2015-5041,,"The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.",IBM,Java Sdk,9.1,CRITICAL,0.01013999991118908,false,,false,false,false,,,false,false,,2016-06-06T17:00:00.000Z,0
CVE-2015-5006,https://securityvulnerability.io/vulnerability/CVE-2015-5006,,"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.",IBM,"Java 2 Sdk,Java Sdk",,,0.0006099999882280827,false,,false,false,false,,,false,false,,2015-12-07T20:00:00.000Z,0
CVE-2015-1916,https://securityvulnerability.io/vulnerability/CVE-2015-1916,,Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.,IBM,Java,,,0.003470000112429261,false,,false,false,false,,,false,false,,2015-07-02T21:16:00.000Z,0
CVE-2015-1914,https://securityvulnerability.io/vulnerability/CVE-2015-1914,,"IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass ""permission checks"" and obtain sensitive information via vectors related to the Java Virtual Machine.",IBM,Java,,,0.0062699997797608376,false,,false,false,false,,,false,false,,2015-07-02T21:16:00.000Z,0
CVE-2015-0192,https://securityvulnerability.io/vulnerability/CVE-2015-0192,,"Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.",IBM,Java,,,0.03415999934077263,false,,false,false,false,,,false,false,,2015-07-02T21:16:00.000Z,0
CVE-2014-8891,https://securityvulnerability.io/vulnerability/CVE-2014-8891,,"Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.",IBM,Java Sdk,,,0.06615000218153,false,,false,false,false,,,false,false,,2015-03-06T23:00:00.000Z,0
CVE-2014-8892,https://securityvulnerability.io/vulnerability/CVE-2014-8892,,"Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.",IBM,Java Sdk,,,0.008829999715089798,false,,false,false,false,,,false,false,,2015-03-06T23:00:00.000Z,0
CVE-2014-3068,https://securityvulnerability.io/vulnerability/CVE-2014-3068,,"IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.",IBM,Java,,,0.002580000087618828,false,,false,false,false,,,false,false,,2014-12-02T01:00:00.000Z,0
CVE-2014-3065,https://securityvulnerability.io/vulnerability/CVE-2014-3065,,"Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.",IBM,Java,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2014-12-02T01:00:00.000Z,0
CVE-2014-0878,https://securityvulnerability.io/vulnerability/CVE-2014-0878,,"The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.",IBM,Java Sdk,,,0.003969999961555004,false,,false,false,false,,,false,false,,2014-05-26T19:00:00.000Z,0
CVE-2013-0485,https://securityvulnerability.io/vulnerability/CVE-2013-0485,,"Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries.",IBM,Java,,,0.003640000009909272,false,,false,false,false,,,false,false,,2014-01-21T18:00:00.000Z,0