VYPR
Critical severity9.8NVD Advisory· Published Apr 6, 2017· Updated Jun 17, 2026

CVE-2015-8965

CVE-2015-8965

Description

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.

Affected products

5
  • cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
  • Rogue Wave/JViews3 versions
    cpe:2.3:a:perforce:jviews:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:perforce:jviews:*:*:*:*:*:*:*:*range: <=8.8
    • cpe:2.3:a:perforce:jviews:8.9:*:*:*:*:*:*:*
    • (no CPE)range: <8.8 patch 21 and <8.9 patch 1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.