CVE-2019-11771

CWE-264, CWE-426
5 documents, 5 sources
Severity
7.8 HIGH
EPSS
0.0%
top 86.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: eclipse/openj9 < 0.15.0
CVEListV5: the_eclipse_foundation/eclipse_openj9 unspecified 0.15.0

🔴Vulnerability Details

2
GHSA
GHSA-3xjc-j52c-cpx8: AIX builds of Eclipse OpenJ9 before 0 (2022-05-24)
CVEList
CVE-2019-11771: AIX builds of Eclipse OpenJ9 before 0 (2019-07-17)

📋Vendor Advisories

1
Red Hat
JDK: Insecure RPATH in OpenJ9 on AIX (2019-08-01)

💬Community

1
Bugzilla
CVE-2019-11771 IBM JDK: Insecure RPATH in OpenJ9 on AIX (2019-08-07)