What is CVE-2019-17631?

CVE-2019-17631 is a vulnerability in Eclipse OpenJ9 that could allow a local attacker to gain elevated privileges on the system.

How can an attacker exploit CVE-2019-17631?

An attacker could exploit CVE-2019-17631 to gain access to diagnostic operations and perform unauthorized actions.

What is the severity of CVE-2019-17631?

The severity of CVE-2019-17631 is high with a severity score of 8.4.

Which software versions are affected by CVE-2019-17631?

Versions 0.15 to 0.16 of Eclipse OpenJ9 are affected by CVE-2019-17631.

How do I fix CVE-2019-17631?

To fix CVE-2019-17631, update to version 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 or later for Red Hat Java.

Vulnerability/
CVE-2019-17631

critical

9.1

CWE

269 285

17/10/2019

5/8/2024

CVE-2019-17631

First published: Thu Oct 17 2019(Updated: )

Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to performs an authorization check when an actor attempts to access a resource or perform an action. An attacker could exploit this vulnerability to gain access to diagnostic operations such as causing a GC or creating a diagnostic file.

Credit: emo@eclipse.org

Affected Software	Affected Version	How to fix
redhat/java	<1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10	1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7	1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7
redhat/java	<1.8.0-ibm-1:1.8.0.6.0-3.el8_1	1.8.0-ibm-1:1.8.0.6.0-3.el8_1
Eclipse Openj9	>=0.15.0<=0.16.0
Redhat Satellite	=5.8
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=8.1
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
	<=All

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2019-17631?
CVE-2019-17631 is a vulnerability in Eclipse OpenJ9 that could allow a local attacker to gain elevated privileges on the system.
How can an attacker exploit CVE-2019-17631?
An attacker could exploit CVE-2019-17631 to gain access to diagnostic operations and perform unauthorized actions.
What is the severity of CVE-2019-17631?
The severity of CVE-2019-17631 is high with a severity score of 8.4.
Which software versions are affected by CVE-2019-17631?
Versions 0.15 to 0.16 of Eclipse OpenJ9 are affected by CVE-2019-17631.
How do I fix CVE-2019-17631?
To fix CVE-2019-17631, update to version 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 or later for Red Hat Java.

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-17631
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/references
agent/softwarecombine
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
package-manager/redhat
vendor/eclipse
canonical/eclipse openj9
version/eclipse openj9/0.15.0
version/eclipse openj9/0.16.0
vendor/redhat
canonical/redhat satellite
version/redhat satellite/5.8
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/ibm
canonical/ibm engineering requirements quality assistant on-premises
version/ibm engineering requirements quality assistant on-premises/all