Insufficient Privilege Checks in Eclipse OpenJ9 for Diagnostic Operations
CVE-2019-17631

9.1CRITICAL

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Openj9
Vendor: CVE Published:; 17 October 2019

What is CVE-2019-17631?

Eclipse OpenJ9 versions 0.15 to 0.16 are susceptible to a vulnerability where access to critical diagnostic operations, such as garbage collection triggering and diagnostic file creation, is allowed without adequate privilege verification. This flaw could enable unauthorized users to perform diagnostic actions that could potentially impact the system's stability and integrity.

Affected Version(s)

Eclipse OpenJ9 0.15 to 0.16 inclusive

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2019:4113

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2019:4115

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2019
Vulnerability Reserved
Oct 16, 2019

The Eclipse Foundation

What is CVE-2019-17631?

Affected Version(s)

References

CVSS V3.1

Timeline