CVE-2015-4902

CVSS 5.3 MEDIUMEPSS 13.4%● KEVCWE-284

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.3EPSS 13.4%KEV simPoC —Patch referenciado

Lifecycle

21 Oct 2015Published on NVD

03 Mar 2022Active exploitation (CISA KEV)

Recommendation: Plan a near-term fix — a public PoC already exists.

In short

A vulnerability in Oracle Java SE allows remote attackers to compromise the integrity of Java applications through unspecified attack vectors related to the Deployment component. This means an attacker could potentially manipulate or alter Java program behavior without proper authorization.

Technical detail

An unspecified integrity vulnerability in Oracle Java SE versions 6u101, 7u85, and 8u60 exists within the Deployment component, affecting authenticated or unauthenticated remote attack scenarios. The exact attack vector and preconditions are not publicly detailed, but successful exploitation could result in unauthorized modification of Java application state or data.

Summary generated and translated by AI from the official description.

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References