Published: 14/08/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eclipse openj9 0.8
oracle enterprise manager base platform 13.2.0.0.0
oracle enterprise manager base platform 13.3.0.0.0

Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

Synopsis Important: java-171-ibm security update Type/Severity Security Advisory: Important Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

Synopsis Moderate: java-180-ibm security update Type/Severity Security Advisory: Moderate Topic An update for java-180-ibm is now available for Red Hat Satellite 58Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Moderate: java-171-ibm security update Type/Severity Security Advisory: Moderate Topic An update for java-171-ibm is now available for Red Hat Satellite 56 and Red Hat Satellite 57Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

Synopsis Important: java-171-ibm security update Type/Severity Security Advisory: Important Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...

CWE-502 https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589 http://www.securityfocus.com/bid/105126 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2712 http://www.securitytracker.com/id/1041765 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:2568

CVE-2018-12539

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect