5 matches found
Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products
Summary: There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2017-15288. DESCRIPTION: Scala could allow a local authenticated attacke...
High severity vulnerability that affects org.scala-lang:scala-compiler
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...
GHSA-QVXV-PMQ9-4Q7G High severity vulnerability that affects org.scala-lang:scala-compiler
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...
ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +2597 more potentially affected by CVE-2017-15288 via org.scala-lang:scala-compiler (>=2.10.0-M1 <=2.10.6)
org.scala-lang:scala-compiler MAVEN version =2.10.0-M1, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =0.10.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2017-15288 Source advisory: OSV:GHSA-QVXV-PMQ9-4Q7G...
Arbitrary Code Execution
scala-compiler is vulnerable to arbitrary code execution. A malicious user can write and execute arbitrary Scala class files on the system through the compiler daemon due to weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port...