CVE-2018-1656

HIGH

IBM SDK Java Technology Edition 6.0, 7.0, 8.0 - Path Traversal in Diagnostic Tooling Framework

Title source: llm

Description

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.

References (11)

Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ibm10719653
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/144882
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2713
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105118
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2575
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2576
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2568
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2569
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2712
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041765

Scores

CVSS v3 7.4
EPSS 0.0451
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (14)
ibm/sdk 6.0
ibm/sdk 7.0
ibm/sdk 8.0
oracle/enterprise_manager_base_platform 13.2.0.0.0
oracle/enterprise_manager_base_platform 13.3.0.0.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_workstation 6.0
... and 4 more
Published Aug 20, 2018
Tracked Since Feb 18, 2026