CVE-2018-1656: Path Traversal in IBM SDK

CWE-22: Path Traversal | 5 documents | 5 sources

Severity: 6.5 MEDIUM (NVD); 7.4 (CNA)
EPSS: 0.6% (top 31.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 20; latest update May 13

Description

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: ibm/sdk 6.0, 7.0, 8.0 (+2)
NVD: redhat/satellite 5.6, 5.7, 5.8 (+2)

Patches

Vulnerability Details (2)

GHSA (2022-05-13): GHSA-x34g-2xv6-mxf5: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6…
CVEList (2018-08-20): CVE-2018-1656: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6…

Vendor Advisories (1)

Red Hat (2018-08-16): JDK: path traversal flaw in the Diagnostic Tooling Framework

Community (1)

Bugzilla (2018-08-17): CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework