CVE-2018-1656

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.

References

http://www.ibm.com/support/docview.wss?uid=ibm10719653

http://www.securityfocus.com/bid/105118

http://www.securitytracker.com/id/1041765

https://access.redhat.com/errata/RHSA-2018:2568

https://access.redhat.com/errata/RHSA-2018:2569

https://access.redhat.com/errata/RHSA-2018:2575

https://access.redhat.com/errata/RHSA-2018:2576

https://access.redhat.com/errata/RHSA-2018:2712

https://access.redhat.com/errata/RHSA-2018:2713

https://exchange.xforce.ibmcloud.com/vulnerabilities/144882

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Details

Source: MITRE

Published: 2018-08-20

Updated: 2019-10-09

Type: CWE-22

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
124157Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)NessusMisc.
high
120126SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:3082-1)NessusSuSE Local Security Checks
critical
118293SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-2)NessusSuSE Local Security Checks
critical
118288SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-2)NessusSuSE Local Security Checks
high
117700SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-1)NessusSuSE Local Security Checks
critical
117587RHEL 6 : java-1.8.0-ibm (RHSA-2018:2713)NessusRed Hat Local Security Checks
critical
117535RHEL 6 : java-1.7.1-ibm (RHSA-2018:2712)NessusRed Hat Local Security Checks
high
117385SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-1)NessusSuSE Local Security Checks
high
112274SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2583-1)NessusSuSE Local Security Checks
high
112273SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:2574-1)NessusSuSE Local Security Checks
high
112179RHEL 6 : java-1.7.1-ibm (RHSA-2018:2576)NessusRed Hat Local Security Checks
high
112178RHEL 6 : java-1.8.0-ibm (RHSA-2018:2575)NessusRed Hat Local Security Checks
critical
112132RHEL 7 : java-1.7.1-ibm (RHSA-2018:2569)NessusRed Hat Local Security Checks
high
112131RHEL 7 : java-1.8.0-ibm (RHSA-2018:2568)NessusRed Hat Local Security Checks
critical