CVE-2018-1656
HIGH
IBM SDK Java Technology Edition 6.0, 7.0, 8.0 - Path Traversal in Diagnostic Tooling Framework
Title source: llm
Description
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
References (11)
Core References
Vendor Advisory (x_refsource_confirm): http://www.ibm.com/support/docview.wss?uid=ibm10719653
VDB Entry, Vendor Advisory (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/144882
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2713
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/105118
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2575
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2576
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2568
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2569
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2712
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1041765
Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Scores
CVSS v3: 7.4
EPSS: 0.0451
EPSS Percentile: 90.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Details
CWE: CWE-22
Status: published
Products (14)
ibm/sdk 6.0
ibm/sdk 7.0
ibm/sdk 8.0
oracle/enterprise_manager_base_platform 13.2.0.0.0
oracle/enterprise_manager_base_platform 13.3.0.0.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_workstation 6.0
... and 4 more
Published: Aug 20, 2018
Tracked Since: Feb 18, 2026