Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-12539

Good to know:

icon
icon

Date: August 14, 2018

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

Language: Java

Severity Score

Related Resources (12)

https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589
https://access.redhat.com/errata/RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2568
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://access.redhat.com/errata/RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2712
http://www.securityfocus.com/bid/105126
https://nvd.nist.gov/vuln/detail/CVE-2018-12539
https://access.redhat.com/errata/RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2576
http://www.securitytracker.com/id/1041765
https://www.mend.io/vulnerability-database/CVE-2018-12539

Severity Score

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Unprotected Primary Channel

CWE-419

Top Fix

icon

Upgrade Version

Upgrade to version openj9-0.9.0-rc1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us