CVE-2014-8891
CVE-2014-8891 is a critical-severity vulnerability in Ibm Java Sdk with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 7% (94th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Ibm Java Sdk
- Published:
- Last modified:
Description
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
Frequently asked questions
- What is CVE-2014-8891?
- Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
- How severe is CVE-2014-8891?
- CVE-2014-8891 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2014-8891 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 7% (94th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-8891?
- CVE-2014-8891 affects Ibm Java Sdk. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2014-8891?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2014-8891 published?
- CVE-2014-8891 was published on 2015-03-06 and last updated on 2026-06-17.
References
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-0136.html
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015
- https://bugzilla.redhat.com/show_bug.cgi?id=1189142
- https://www-304.ibm.com/support/docview.wss?uid=swg21695474
Affected products (1)
- cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*
More vulnerabilities in Ibm Java Sdk
- CVE-2015-5041 — Critical (CVSS 9.1): The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1…
- CVE-2018-1417 — High (CVSS 8.1): Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code…
- CVE-2016-0376 — High (CVSS 8.1): The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6…
- CVE-2016-0363 — High (CVSS 8.1): The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1…
- CVE-2014-8892 — High (CVSS 7.8): Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6…
- CVE-2024-27267 — Medium (CVSS 5.9): The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through…