Vulnerability Name:

CVE-2015-0470 (CCN-102338)

Assigned:2014-12-17
Published:2015-04-14
Updated:2022-05-13
Summary:Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2015-0470

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0773

Source: REDHAT
Type: UNKNOWN
RHSA-2015:0809

Source: REDHAT
Type: UNKNOWN
RHSA-2015:0854

Source: DEBIAN
Type: UNKNOWN
DSA-3234

Source: DEBIAN
Type: UNKNOWN
DSA-3235

Source: DEBIAN
Type: UNKNOWN
DSA-3316

Source: CCN
Type: IBM Security Bulletin T1022548
Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 CVE-2015-

Source: CCN
Type: IBM Security Bulletin T1022550
Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 CVE-2015-1916 CVE-201

Source: CCN
Type: IBM Security Bulletin S1009682 (SnapManager for Oracle)
April 2015 Java Platform Standard Edition Vulnerabilities in Multiple N series Products

Source: CCN
Type: IBM Security Bulletin 1903636
CICS Transaction Gateway for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 1961493
Multiple vulnerabilities in Java Runtime Environment affectsIBM DB2 Recovery Expert for Linux, UNIX and Windows(CVE-2015-0204, CVE-2015-0138, CVE-2015-2808, CVE-2015-0460, CVE-2015-470)

Source: CCN
Type: IBM Security Bulletin 1965553
Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center April 2015 CPU

Source: CCN
Type: Oracle Critical Patch Update - April 2015
Oracle Critical Patch Update - April 2015

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Source: BID
Type: UNKNOWN
74149

Source: CCN
Type: BID-74149
Oracle Java SE CVE-2015-0470 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1032120

Source: XF
Type: UNKNOWN
oracle-cpuapr2015-cve20150470(102338)

Source: GENTOO
Type: UNKNOWN
GLSA-201603-11

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0470

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:update40:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration RedHat 11:
  • cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

    • Configuration RedHat 12:
  • cpe:/a:redhat:rhel_extras_oracle_java:7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:update40:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cics_transaction_gateway:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_manager:4.1.0:*:*:*:*:openstack:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_recovery_expert:3.1.0:*:*:*:linux:*:*:*
  • OR cpe:/a:ibm:db2_recovery_expert:3.1.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:db2_recovery_expert:3.1.0:*:*:*:windows:*:*:*
  • OR cpe:/a:ibm:db2_recovery_expert:4.1.0:*:*:*:linux:*:*:*
  • OR cpe:/a:ibm:db2_recovery_expert:4.1.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:db2_recovery_expert:4.1.0:*:*:*:windows:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_manager:4.2.0:*:*:*:*:openstack:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20150470
    V
    		CVE-2015-0470
    2022-09-02
    oval:com.redhat.rhsa:def:20150854
    P
    		RHSA-2015:0854: java-1.8.0-oracle security update (Critical)
    2017-12-15
    oval:org.cisecurity:def:85
    P
    		DSA-3234-1 -- openjdk-6 -- security update
    2016-02-08
    oval:org.cisecurity:def:130
    P
    		DSA-3316-1 -- openjdk-7 -- security update
    2016-02-08
    oval:org.cisecurity:def:210
    P
    		DSA-3235-1 -- openjdk-7 -- security update
    2016-02-08
    oval:org.mitre.oval:def:29136
    P
    		RHSA-2015:0809 -- java-1.8.0-openjdk security update (Important)
    2015-08-17
    oval:com.ubuntu.precise:def:20150470000
    V
    		CVE-2015-0470 on Ubuntu 12.04 LTS (precise) - medium.
    2015-04-16
    oval:com.ubuntu.trusty:def:20150470000
    V
    		CVE-2015-0470 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-04-16
    oval:com.redhat.rhsa:def:20150809
    P
    		RHSA-2015:0809: java-1.8.0-openjdk security update (Important)
    2015-04-15
    BACK
    oracle jdk 1.8.0 update40
    oracle jre 1.8.0 update40
    oracle jdk 1.8.0 update40
    oracle jre 1.8.0 update40
    ibm cics transaction gateway 8.0
    ibm tivoli storage productivity center 5.1
    ibm cics transaction gateway 8.1
    ibm cics transaction gateway 9.0
    ibm tivoli storage productivity center 5.1.1
    ibm smartcloud entry 3.1
    ibm smartcloud entry 3.2
    ibm tivoli storage productivity center 5.2
    ibm tivoli storage productivity center 5.2.1
    ibm smartcloud entry 2.3
    ibm smartcloud entry 2.4
    ibm cloud manager 4.1.0
    ibm cics transaction gateway 9.1
    ibm tivoli storage productivity center 5.2.2
    ibm db2 recovery expert 3.1.0
    ibm db2 recovery expert 3.1.0
    ibm db2 recovery expert 3.1.0
    ibm db2 recovery expert 4.1.0
    ibm db2 recovery expert 4.1.0
    ibm db2 recovery expert 4.1.0
    ibm tivoli storage productivity center 5.2.3
    ibm tivoli storage productivity center 5.2.4
    ibm cloud manager 4.2.0
    ibm tivoli storage productivity center 5.2.5
    ibm tivoli storage productivity center 5.2.6