Veracode Vulnerability DatabaseVERACODE:12721Privilege Escalation
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
java-1.8.0-ibm is vulnerable to privilege escalation attacks. The vulnerability exists as a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| java-1.8.0-ibm | eq | 1.8.0.4.1__1jpp.1.el6_8 | |
| java-1.7.1-ibm | eq | 1.7.1.3.40__1jpp.1.el6_7 | |
| java-1.7.1-ibm | eq | 1.7.1.4.1__1jpp.1.el6_8 |
References
www.ibm.com/support/docview.wss?uid=isg3T1027315
www.ibm.com/support/docview.wss?uid=swg22014937
www.securityfocus.com/bid/103216
www.securitytracker.com/id/1040403
access.redhat.com/errata/RHSA-2018:0352
access.redhat.com/errata/RHSA-2018:1463
access.redhat.com/security/cve/CVE-2018-1417
access.redhat.com/security/updates/classification/#critical
developer.ibm.com/javasdk/support/security-vulnerabilities/
exchange.xforce.ibmcloud.com/vulnerabilities/138823
www.ibm.com/support/docview.wss?uid=swg22012965
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P