CVE-2018-12539
First published: Tue Aug 14 2018(Updated: )
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Openj9 | =0.8 | |
| Oracle Enterprise Manager Base Platform | =13.2.0.0.0 | |
| Oracle Enterprise Manager Base Platform | =13.3.0.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/105126
- http://www.securitytracker.com/id/1041765
- https://access.redhat.com/errata/RHSA-2018:2568
- https://access.redhat.com/errata/RHSA-2018:2569
- https://access.redhat.com/errata/RHSA-2018:2575
- https://access.redhat.com/errata/RHSA-2018:2576
- https://access.redhat.com/errata/RHSA-2018:2712
- https://access.redhat.com/errata/RHSA-2018:2713
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Frequently Asked Questions
What is CVE-2018-12539?
CVE-2018-12539 is a vulnerability in Eclipse OpenJ9 version 0.8 that allows users other than the process owner to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and execute untrusted native code.
How severe is CVE-2018-12539?
CVE-2018-12539 has a severity rating of 7 (high).
How does CVE-2018-12539 affect Eclipse OpenJ9?
CVE-2018-12539 affects Eclipse OpenJ9 version 0.8, allowing unauthorized users to use Java Attach API and execute untrusted native code.
Does CVE-2018-12539 affect Oracle Enterprise Manager Base Platform?
Yes, CVE-2018-12539 also affects Oracle Enterprise Manager Base Platform versions 13.2.0.0.0 and 13.3.0.0.0.
How can I fix CVE-2018-12539?
To fix CVE-2018-12539, update to a version of Eclipse OpenJ9 or IBM JVM that is not affected by the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-12539
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/eclipse
- canonical/eclipse openj9
- version/eclipse openj9/0.8
- vendor/oracle
- canonical/oracle enterprise manager base platform
- version/oracle enterprise manager base platform/13.2.0.0.0
- version/oracle enterprise manager base platform/13.3.0.0.0