CVE-2014-8892
First published: Wed Feb 04 2015(Updated: )
IBM JDK updates 7R1 SR2-FP10, 7 SR8-FP10, 6R1 SR8-FP3, 6 SR16-FP3 and 5.0 SR16-FP9 correct an unspecified vulnerability identified using <a href="https://access.redhat.com/security/cve/CVE-2014-8892">CVE-2014-8892</a>. Upstream has rated this issue with CVSSv2 score of 4.3 (no vector provided). <a href="http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015</a> Further details of the issue should be made available via the following link: <a href="http://www.ibm.com/support/docview.wss?uid=swg21695747">http://www.ibm.com/support/docview.wss?uid=swg21695747</a>
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM SDK | >=5.0.0.0<=5.0.16.8 | |
| IBM SDK | >=6.0.0.0<6.0.16.3 | |
| IBM SDK | >=6.1.0.0<=6.1.8.2 | |
| IBM SDK | >=7.0.0.0<7.0.8.10 | |
| IBM SDK | >=7.1.0.0<7.1.2.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-0136.html
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015
- http://www.securityfocus.com/bid/73259
- https://bugzilla.redhat.com/show_bug.cgi?id=1189145
- https://www-304.ibm.com/support/docview.wss?uid=swg21695474
- https://access.redhat.com/security/cve/CVE-2014-8892
- http://www.ibm.com/support/docview.wss?uid=swg21695747
- http://xforce.iss.net/xforce/xfdb/99011
- https://rhn.redhat.com/errata/RHSA-2015-0136.html
- https://rhn.redhat.com/errata/RHSA-2015-0135.html
- https://rhn.redhat.com/errata/RHSA-2015-0134.html
- https://rhn.redhat.com/errata/RHSA-2015-0133.html
- https://rhn.redhat.com/errata/RHSA-2015-0263.html
- https://rhn.redhat.com/errata/RHSA-2015-0264.html
Frequently Asked Questions
What is the severity of CVE-2014-8892?
CVE-2014-8892 has a CVSSv2 score of 4.3, indicating a moderate severity level.
What versions of IBM JDK are affected by CVE-2014-8892?
CVE-2014-8892 affects IBM JDK versions 5.0 SR16-FP9, 6.0 SR16-FP3, 6.1 SR8-FP3, 7.0 SR8-FP10, and 7.1 SR2-FP10.
What are the mitigation steps for CVE-2014-8892?
To mitigate CVE-2014-8892, upgrade your IBM JDK to the patched versions 5.0 SR16-FP10, 6.1 SR8-FP10, or later as per the respective release notes.
When was CVE-2014-8892 published?
CVE-2014-8892 was published in 2014.
Is a workaround available for CVE-2014-8892?
There are no specific workarounds documented for CVE-2014-8892; updating to a secure version is recommended.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8892
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm sdk
- version/ibm sdk/5.0.0.0
- version/ibm sdk/5.0.16.8
- version/ibm sdk/6.0.0.0
- version/ibm sdk/6.1.0.0
- version/ibm sdk/6.1.8.2
- version/ibm sdk/7.0.0.0
- version/ibm sdk/7.1.0.0