Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_JAVA_2018_02_01.NASLHistoryApr 29, 2022 - 12:00 a.m.
IBM Java 7.1 < 7.1.4.20 / 8.0 < 8.0.5.10
2022-04-2900:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.4.20 / 8.0 < 8.0.5.10. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update February 2018 advisory.
- Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
(CVE-2018-1417)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(160345);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/29");
script_cve_id("CVE-2018-1417");
script_name(english:"IBM Java 7.1 < 7.1.4.20 / 8.0 < 8.0.5.10");
script_set_attribute(attribute:"synopsis", value:
"IBM Java is affected a vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.4.20 / 8.0 < 8.0.5.10. It is, therefore,
affected by a vulnerability as referenced in the IBM Security Update February 2018 advisory.
- Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows
untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
(CVE-2018-1417)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04021");
# https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_February_2018
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?50e8b4c3");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the IBM Security Update February 2018 advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1417");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/20");
script_set_attribute(attribute:"patch_publication_date", value:"2018/02/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:java");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_java_nix_installed.nbin", "ibm_java_win_installed.nbin");
script_require_keys("installed_sw/Java");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_list = ['IBM Java'];
var app_info = vcf::java::get_app_info(app:app_list);
var constraints = [
{ 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.20' },
{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.5.10' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Related
cve
cve
CVE-2018-1417
2018-02-22 19:29:00
redhatcve
redhatcve
CVE-2018-1417
2018-04-18 13:18:53
prion
prion
Code injection
2018-02-22 19:29:00
veracode
veracode
Privilege Escalation
2019-01-15 09:20:54
cvelist
cvelist
CVE-2018-1417
2018-02-20 00:00:00
openvas
openvas
IBM Java SDK Remote Privilege Escalation Vulnerability - Linux
2018-08-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1764-2)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1447-1)
2021-06-09 00:00:00
ibm
ibm
nessus
nessus
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:1458-1)
2018-05-30 00:00:00
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1447-1)
2018-05-29 00:00:00
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:1764-1)
2018-06-21 00:00:00
redhat
redhat
(RHSA-2018:0521) Important: java-1.7.1-ibm security update
2018-03-14 15:08:27
(RHSA-2018:0458) Important: java-1.7.1-ibm security update
2018-03-07 10:00:22
(RHSA-2018:0352) Critical: java-1.8.0-ibm security update
2018-02-26 21:20:36
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2018-04-30 11:26:59
Related for IBM_JAVA_2018_02_01.NASL