Privilege Elevation Vulnerability in IBM SDK for Java Technology Edition
CVE-2018-1417

8.1HIGH

Key Information:

Vendor

IBM
Status
Sdk, Java Technology Edition
Vendor
CVE Published:
22 February 2018

What is CVE-2018-1417?

A vulnerability exists in the J9 JVM used by IBM SDK for Java Technology Edition versions 7.1 and 8.0, which may allow untrusted code running under a security manager to escalate its privileges. This could potentially enable malicious actors to execute unauthorized actions within the affected environment, compromising the overall system security. It is essential for users to apply available patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

SDK, Java Technology Edition 7.1

SDK, Java Technology Edition 8.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/138823
x_refsource_MISC
http://www.securityfocus.com/bid/103216
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040403
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.