Description
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
References (7)
Core 7
Core References
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/138823
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103216
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040403
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1463
Various Sources x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=isg3T1027315
Various Sources x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22014937
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=swg22012965
Scores
CVSS v3
8.1
EPSS
0.0142
EPSS Percentile
80.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (5)
ibm/java_sdk
6.0.0.0
ibm/java_sdk
6.1.0.0
ibm/java_sdk
7.0.0.0
ibm/java_sdk
7.1.0.0
ibm/java_sdk
8.0.0.0
Published
Feb 22, 2018
Tracked Since
Feb 18, 2026