CVE-2018-1417

CWE-732 — Incorrect Permission Assignment6 documents6 sources

Severity

8.1HIGH

EPSS

1.4%

top 19.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Java SDK

Timeline

PublishedFeb 22

Latest updateMay 13

Description

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/java_sdk5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hjv6-rx46-p2h8: Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7↗2022-05-13

▶

CVEList

CVE-2018-1417: Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7↗2018-02-22

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free↗2019-01-25

▶

📋Vendor Advisories

Red Hat

JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges↗2018-02-20

▶

💬Community

Bugzilla

CVE-2018-1417 IBM JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges↗2018-04-18

▶