QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12539

Published: Aug 14, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

Vendor	Product	Versions
The Eclipse Foundation	Eclipse OpenJ9	affected `0.8`

Weaknesses (CWE)

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589

x_refsource_CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.