CVE-2021-41035

Severity
9.8 CRITICAL
EPSS
0.1%
top 64.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 25
Latest update May 24

Description

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

NVD eclipse/openj9 < 0.29.0
CVEListV5 the_eclipse_foundation/eclipse_omr unspecified 0.29.0

Patches

🔴Vulnerability Details

2
GHSA
GHSA-cj9m-62w3-rj89: In Eclipse Openj9 before version 0 (2022-05-24)
CVEList
CVE-2021-41035: In Eclipse Openj9 before version 0 (2021-10-25)

📋Vendor Advisories

1
Red Hat
JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods (2021-11-30)