Lucene search
EclipseVULNRICHMENT:CVE-2021-28167HistoryApr 21, 2021 - 5:30 p.m.
CVE-2021-28167
2021-04-2117:30:16
CWE-909
eclipse
github.com
2
6.6 Medium
AI Score
Confidence
Low
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.
CNA Affected
[
{
"vendor": "The Eclipse Foundation",
"product": "Eclipse OpenJ9",
"versions": [
{
"version": "unspecified",
"lessThanOrEqual": "0.25.0",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
ibm
ibm
Security Bulletin: A Security Vulnerability has been identified in the IBM Java SDK as shipped with IBM Security Verify Access.
2023-02-07 20:57:30
osv
osv
CVE-2021-28167
2021-04-21 18:15:08
cve
cve
CVE-2021-28167
2021-04-21 18:15:08
cvelist
cvelist
CVE-2021-28167
2021-04-21 17:30:16
prion
prion
Design/Logic Flaw
2021-04-21 18:15:00
nvd
nvd
CVE-2021-28167
2021-04-21 18:15:08
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37
nessus
nessus