CVE-2018-12539

Опубликовано: 14 авг. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

Ссылки

http://www.securityfocus.com/bid/105126
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041765
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2568
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2569
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2575
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2576
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2712
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2713
Not Applicable
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589
Issue Tracking
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105126
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041765
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2568
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2569
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2575
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2576
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2712
Not Applicable
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2713
Not Applicable
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589
Issue Tracking
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:openj9:0.8:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00042

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-419

CWE-502

Связанные уязвимости

CVE-2018-12539

CVSS3: 8.4

redhat

больше 7 лет назад

GHSA-8xmg-5xjr-x475

CVSS3: 7.8

github

больше 3 лет назад

BDU:2019-01762

CVSS3: 7.8

fstec

больше 7 лет назад

Уязвимость виртуальной машины Eclipse OpenJ9, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю выполнить произвольный код

SUSE-SU-2018:2649-2

suse-cvrf

больше 7 лет назад

Security update for java-1_7_1-ibm

SUSE-SU-2018:2649-1

suse-cvrf

больше 7 лет назад

Security update for java-1_7_1-ibm

EPSS

Процентиль: 12%

0.00042

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-419

CWE-502