CVE-2018-1656MEDIUM
Description
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
References
http://www.ibm.com/support/docview.wss?uid=ibm10719653
http://www.securityfocus.com/bid/105118
http://www.securitytracker.com/id/1041765
https://access.redhat.com/errata/RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2713
https://exchange.xforce.ibmcloud.com/vulnerabilities/144882
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Details
Source: MITRE
Published: 2018-08-20
Updated: 2019-10-09
Type: CWE-22
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:ibm:sdk:6.0:*:*:*:java_technology:*:*:*
Configuration 2
OR
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124157 | Oracle Enterprise Manager Cloud Control (Apr 2019 CPU) | Nessus | Misc. | medium |
| 120126 | SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2018:3082-1) | Nessus | SuSE Local Security Checks | critical |
| 118293 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-2) | Nessus | SuSE Local Security Checks | critical |
| 118288 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-2) | Nessus | SuSE Local Security Checks | medium |
| 117700 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:2839-1) | Nessus | SuSE Local Security Checks | critical |
| 117587 | RHEL 6 : java-1.8.0-ibm (RHSA-2018:2713) | Nessus | Red Hat Local Security Checks | critical |
| 117535 | RHEL 6 : java-1.7.1-ibm (RHSA-2018:2712) | Nessus | Red Hat Local Security Checks | medium |
| 117385 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-1) | Nessus | SuSE Local Security Checks | medium |
| 112274 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2583-1) | Nessus | SuSE Local Security Checks | medium |
| 112273 | SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:2574-1) | Nessus | SuSE Local Security Checks | medium |
| 112179 | RHEL 6 : java-1.7.1-ibm (RHSA-2018:2576) | Nessus | Red Hat Local Security Checks | medium |
| 112178 | RHEL 6 : java-1.8.0-ibm (RHSA-2018:2575) | Nessus | Red Hat Local Security Checks | critical |
| 112132 | RHEL 7 : java-1.7.1-ibm (RHSA-2018:2569) | Nessus | Red Hat Local Security Checks | medium |
| 112131 | RHEL 7 : java-1.8.0-ibm (RHSA-2018:2568) | Nessus | Red Hat Local Security Checks | critical |