Insufficient Privilege Checks in Eclipse OpenJ9 for Diagnostic Operations
CVE-2019-17631

9.1CRITICAL

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Openj9
Vendor
CVE Published:
17 October 2019

What is CVE-2019-17631?

Eclipse OpenJ9 versions 0.15 to 0.16 are susceptible to a vulnerability where access to critical diagnostic operations, such as garbage collection triggering and diagnostic file creation, is allowed without adequate privilege verification. This flaw could enable unauthorized users to perform diagnostic actions that could potentially impact the system's stability and integrity.

Affected Version(s)

Eclipse OpenJ9 0.15 to 0.16 inclusive

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:4113
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4115
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.