CVE-2018-1417

Опубликовано: 22 фев. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

Ссылки

http://www.ibm.com/support/docview.wss?uid=isg3T1027315
http://www.ibm.com/support/docview.wss?uid=swg22014937
http://www.securityfocus.com/bid/103216
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040403
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:1463
https://exchange.xforce.ibmcloud.com/vulnerabilities/138823
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg22012965
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg3T1027315
http://www.ibm.com/support/docview.wss?uid=swg22014937
http://www.securityfocus.com/bid/103216
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040403
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:1463
https://exchange.xforce.ibmcloud.com/vulnerabilities/138823
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg22012965
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.1.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*

EPSS

Процентиль: 80%

0.01417

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

CVE-2018-1417

CVSS3: 7.5

redhat

почти 8 лет назад

GHSA-hjv6-rx46-p2h8

CVSS3: 8.1

github

больше 3 лет назад

SUSE-SU-2018:1764-2

suse-cvrf

больше 7 лет назад

Security update for java-1_7_1-ibm

SUSE-SU-2018:1764-1

suse-cvrf

больше 7 лет назад

Security update for java-1_7_1-ibm

SUSE-SU-2018:1458-1

suse-cvrf

больше 7 лет назад

Security update for java-1_7_0-ibm

EPSS

Процентиль: 80%

0.01417

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-732