Latest eclipse openj9 Vulnerabilities

CVE-2023-5676
Eclipse OpenJ9 possible infinite busy hang
Eclipse Openj9<0.41.0
redhat/java-1.8.0-ibm<8.0.8.15
IBM Secure Proxy<=6.0.3
IBM Secure Proxy<=6.1.0
CVE-2023-2597
Eclipse Openj9 is vulnerable to a buffer overflow, caused by improper bounds checking by the getCachedUTFString() function. By using specially crafted input, a local authenticated attacker could overf...
Eclipse Openj9<0.38.0
IBM Cloud Pak for Business Automation<=V23.0.1
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF022
IBM Cloud Pak for Business Automation<=V22.0.2 - V22.0.2-IF006 and later fixesV22.0.1 - V22.0.1-IF006 and later fixesV21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes
CVE-2022-3676
Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an at...
Eclipse Openj9<0.35.0
IBM Cloud Pak for Business Automation<=V22.0.2
IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF016
IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified ...
Eclipse Openj9<0.32.0
Oracle Java SE=8
Oracle Java SE=11
CVE-2021-41035
Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persu...
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1.el8_5
Eclipse Openj9<0.29.0
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
and 1 more
CVE-2021-28167
Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by a flaw in the jdk.internal.reflect.ConstantPool API. By sending a specially-crafted request, an attacker could e...
Eclipse Openj9<=0.25.0
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
CVE-2020-27221
Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a rem...
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.80-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.6.25-2.el8_3
Eclipse Openj9<=0.23.0
CVE-2019-17639
Eclipse OpenJ9 could allow a remote attacker to obtain sensitive information, caused by the premature return of the current method with an undefined return value. By invoking the System.arraycopy meth...
redhat/java<1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10
redhat/java<1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.6.15-1.el8_2
Eclipse Openj9<=0.20.0
Eclipse Openj9=0.21.0
and 2 more
CVE-2019-17631
Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to performs an authorization check when an actor attempts to access a resource or perform a...
Eclipse Openj9>=0.15.0<=0.16.0
Redhat Satellite=5.8
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Eus=8.1
and 7 more
CVE-2019-11775
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that ...
Eclipse Openj9<0.15.0
Redhat Satellite=5.8
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
and 2 more
CVE-2019-11772
IBM JDK 8 SR5 FP40 (8.0.5.40) fixes a flaw described by upstream as: Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in the Str...
Eclipse Openj9<0.15.0
CVE-2019-11771
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Eclipse Openj9<0.15.0
CVE-2019-10245
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detect...
Eclipse Openj9<0.14.0
Redhat Satellite=5.8
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=6.0
and 3 more
CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the a...
Eclipse Openj9<0.12.0
Redhat Satellite=5.8
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
and 2 more
CVE-2018-12549
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
Eclipse Openj9=0.11.0
Redhat Satellite=5.8
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
and 2 more
CVE-2018-12548
Eclipse Openj9=0.11.0
CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which...
Eclipse Openj9=0.8
Oracle Enterprise Manager Base Platform=13.2.0.0.0
Oracle Enterprise Manager Base Platform=13.3.0.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203