Inaccessible Interface Method Invocation Vulnerability in Eclipse OpenJ9
CVE-2021-41035
9.8CRITICAL
What is CVE-2021-41035?
Eclipse OpenJ9, prior to version 0.29.0, contains a flaw where the Java Virtual Machine (JVM) fails to generate an IllegalAccessError when method handles attempt to invoke inaccessible interface methods. This oversight could permit unauthorized access to interface functionalities, potentially compromising application integrity and security.
Affected Version(s)
Eclipse OMR < 0.29.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved