Critical severity9.8NVD Advisory· Published Apr 6, 2017· Updated May 13, 2026

CVE-2015-8965

Description

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlnvdPatch
rwkbp.makekb.comnvdVendor Advisory
www.oracle.com/security-alerts/cpujan2021.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000