CVE-2019-17631
CRITICALEclipse OpenJ9 0.15.0-0.16.0 - Unauthenticated Improper Privilege Management
Title source: llmDescription
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
References (5)
Core 5
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4113
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4115
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0006
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0046
Scores
CVSS v3
9.1
EPSS
0.0050
EPSS Percentile
66.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-269
CWE-285
Status
published
Products (10)
eclipse/openj9
0.15.0 - 0.16.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_eus
8.1
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_workstation
6.0
redhat/enterprise_linux_workstation
7.0
redhat/satellite
5.8
Published
Oct 17, 2019
Tracked Since
Feb 18, 2026