407 matches found

RedHat Linux
added 2018/08/27 2:20 p.m. | 3 views

JDK: privilege escalation via insufficiently restricted access to Attach API

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

CVSS 7.8 | AI score 7.2 | EPSS 0.00048
Exploits: 0 | References: 4

CNVD
added 2018/08/14 12:00 a.m. | 3 views

Oracle Database Server Java VM Component Remote Vulnerability

Oracle Database Server is a relational database management system from Oracle. The database management system provides data management, distributed processing and other functions. Java VM is one of the Java virtual machine components. A security vulnerability exists in the Java VM...

CVSS 9.9 | AI score 8.8 | EPSS 0.00804
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/08/09 4:38 p.m. | 42 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2017-10356, CVE-2017-10345)

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details: CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...

CVSS 6.2 | AI score 1.2 | EPSS 0.00701
Exploits: 0 | Affected Software: 1

Prion
added 2018/08/01 2:29 p.m. | 12 views

Deserialization of untrusted data

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain...

CVSS 6.5 | AI score 7.8 | EPSS 0.00509
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2018/08/01 2:00 p.m. | 67 views

CVE-2016-8648

CVE-2016-8648 affects the Karaf container used by Red Hat JBoss Fuse 6.x and Red Hat JBoss A-MQ 6.x. The vulnerability arises from deserializing objects passed to MBeans via JMX operations, which could allow an attacker to execute remote code in the context of the JVM if deserialization gadgets e...

CVSS 7.2 | AI score 7.3 | EPSS 0.00509
Exploits: 0 | References: 2 | Affected Software: 2

CNVD
added 2018/07/18 12:00 a.m. | 1 views

Unspecified Vulnerability in Oracle Database Server (CNVD-2018-24126)

Oracle Database Server is a relational database management system from Oracle. The database management system provides data management, distributed processing and other functions. Java VM is one of the Java virtual machine components. A security vulnerability exists in the Java VM...

CVSS 5.3 | AI score 5.7 | EPSS 0.01155
Exploits: 1 | References: 1

IBM Security Bulletins
added 2018/07/10 8:34 a.m. | 31 views

Security Bulletin: Multiple security vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2014-3566, CVE-2014-6457)

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 6 that are used by IBM Rational ClearCase. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed...

CVSS 4.3 | AI score 1.4 | EPSS 0.93538
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:28 p.m. | 30 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core - Oracle CPU April 2016

Summary: Oracle released the April 2016 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Vulnerability Details: New IBM WebSphere Application Server updates are available that...

CVSS 10 | AI score 3 | EPSS 0.93287
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 9:25 p.m. | 42 views

Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Security Network Protection

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in June 2015. CVE-2015-0138, CVE-2015-0192, CVE-2015-0204, CVE-2015-0458,...

CVSS 10 | AI score 0.6 | EPSS 0.91945
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 9:25 p.m. | 28 views

Security Bulletin: IBM Security Identity Manager Virtual Appliance affected by Java vulnerabilities (CVE-2015-0138 CVE-2015-0204 CVE-2015-1914 CVE-2015-2808)

Summary: IBM Security Identity Manager Virtual Appliance version 7.0 is affected by several Java vulnerabilities. Vulnerability Details: CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS...

CVSS 5 | AI score 1.6 | EPSS 0.91945
Exploits: 0 | Affected Software: 1

CNVD
added 2018/04/18 12:00 a.m. | 3 views

Unspecified Vulnerability in Oracle Database Server (CNVD-2018-09081)

Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server. An attacker could exploit this vulnerability...

CVSS 8.5 | AI score 6.5 | EPSS 0.01093
Exploits: 0 | References: 1

pentestit
added 2018/04/06 6:05 a.m. | 407 views

Apache JMeter RMI Code Execution PoC (CVE-2018-1297)

Recently, I read about a remote code execution (RCE) vulnerability, CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...

CVSS 7.5 | AI score 9.7 | EPSS 0.17994
Exploits: 0

OSV
added 2018/03/19 1:10 p.m. | 5 views

SUSE-SU-2018:0743-1 Security update for java-1_7_1-ibm

This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 (bsc1082810). Security fixes: CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...

CVSS 8.3 | AI score 6.2 | EPSS 0.0052
Exploits: 0 | References: 23

OSV
added 2018/03/15 12:37 p.m. | 4 views

SUSE-SU-2018:0694-1 Security update for java-1_7_1-ibm

This update for java-1_7_1-ibm fixes the following issues: The version was updated to 7.1.4.20 (bsc1082810). Security fixes: CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...

CVSS 8.3 | AI score 6.2 | EPSS 0.0052
Exploits: 0 | References: 23

RedHat Linux
added 2018/03/14 3:23 p.m. | 3 views

JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

CVSS 8.1 | AI score 5.9 | EPSS 0.01417
Exploits: 0 | References: 5

OSV
added 2018/03/12 12:16 p.m. | 7 views

SUSE-SU-2018:0665-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Removed java-1_8_0-ibm-alsa and java-1_8_0-ibm-plugin entries in baselibs.conf due to errors in osc sourcevalidator. Version update to 8.0.5.10 (bsc1082810). Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634...

CVSS 8.3 | AI score 6.3 | EPSS 0.00791
Exploits: 0 | References: 21

OSV
added 2018/03/07 9:32 a.m. | 7 views

SUSE-SU-2018:0630-1 Security update for java-1_7_1-ibm

This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 (bsc1082810). Security fixes: CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...

CVSS 8.3 | AI score 6.2 | EPSS 0.0052
Exploits: 0 | References: 21

CNVD
added 2018/02/26 12:00 a.m. | 1 views

IBM Runtimes for Java Technology J9 JVM Elevation of Privilege Vulnerability

IBM Runtimes for Java Technology is a set of IBM's runtime environments for running Java programs. J9 JVM is used in one of the Java virtual machines. An elevation of privilege vulnerability exists in the J9 JVM in IBM Runtimes for Java Technology. An attacker could exploit this vulnerability to ga...

CVSS 8.1 | AI score 7.2 | EPSS 0.01417
Exploits: 0 | References: 1

OSV
added 2018/02/22 7:29 p.m. | 1 views

CVE-2018-1417

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 7

OSV
added 2018/01/18 2:29 a.m. | 0 views

CVE-2018-2680

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks requi...

CVSS 8.3 | AI score 7.3 | EPSS 0.01383
Exploits: 0 | References: 3