CVE-2015-2590

CRITICAL severity · CVSS 9.8 · actively exploited (CISA KEV)

9.8CVSS CRITICAL ● exploited

🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities). Added to KEV 2022-03-03. US federal agencies must patch by 2022-03-24.

Summary

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)67%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (4)

Ubuntu Debian Oracle Java (JDK)SUSE Linux Enterprise

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

CVE-2015-2590

Summary

Impact & exploitability

Affected products we track (4)

Recommendation

Additional information