EUVD-2018-12235

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM Java DTFJ lacks protection against path traversal attacks in compressed dump file extraction.

Reporter	Title	Published	Views	Family All 178
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Transparent Cloud Tiering. Transparent Cloud Tiering has addressed the applicable CVEs.	4 Dec 201802:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments	2 Oct 201819:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections	12 Nov 201813:15	–	ibm
IBM Security Bulletins	Security Bulletin:Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system and The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java does not protect against CVE-2018-1656 and CVE-2018-12539	8 Jul 202121:30	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2018-1656)	31 Oct 201816:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1656, CVE-2018-12539)	22 Feb 202219:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539)	14 Dec 201804:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester	27 Sep 201805:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer	27 Oct 201801:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager	28 Jun 202322:10	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "29678f89-13c4-3bbf-84b0-31bfa0f3ba43",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1ff8cff3-f951-36e4-afa5-79f821ad50f4",
        "product": {
          "name": "SDK, Java Technology Edition"
        },
        "product_version": "7.0"
      },
      {
        "id": "85ab46c4-6c2b-3c19-b7b9-ff94c2ea20e4",
        "product": {
          "name": "SDK, Java Technology Edition"
        },
        "product_version": "8.0"
      },
      {
        "id": "c517d1d4-e995-34a9-be83-d6619ec1e542",
        "product": {
          "name": "SDK, Java Technology Edition"
        },
        "product_version": "6.0"
      }
    ]
  }
]

Source	Link
suse	www.suse.com/security/cve/CVE-2018-1656.html
access	www.access.redhat.com/errata/RHSA-2018:2713
access	www.access.redhat.com/errata/RHSA-2018:2712
access	www.access.redhat.com/errata/RHSA-2018:2576
access	www.access.redhat.com/errata/RHSA-2018:2575
access	www.access.redhat.com/errata/RHSA-2018:2569
access	www.access.redhat.com/errata/RHSA-2018:2568
ibm	www.ibm.com/support/docview.wss
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/144882
securityfocus	www.securityfocus.com/bid/105118

07 Oct 2025 00:30Current

7.1High risk

Vulners AI Score7.1

CVSS 36.5 - 7.4

CVSS 24.3

EPSS0.00582