CVE-2019-17631
First published: Thu Oct 17 2019(Updated: )
Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to performs an authorization check when an actor attempts to access a resource or perform an action. An attacker could exploit this vulnerability to gain access to diagnostic operations such as causing a GC or creating a diagnostic file.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Openj9 | >=0.15.0<=0.16.0 | |
| Redhat Satellite | =5.8 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Eus | =8.1 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 | 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.6.0-3.el8_1 | 1.8.0-ibm-1:1.8.0.6.0-3.el8_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/169513
- https://www.ibm.com/support/pages/node/1120071 (Advisory)
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129
- https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_November_2019
- https://access.redhat.com/security/cve/cve-2019-17631
- https://bugzilla.redhat.com/show_bug.cgi?id=1779880
- https://www.cve.org/CVERecord?id=CVE-2019-17631 https://nvd.nist.gov/vuln/detail/CVE-2019-17631
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-17631?
CVE-2019-17631 is a vulnerability in Eclipse OpenJ9 that could allow a local attacker to gain elevated privileges on the system.
How can an attacker exploit CVE-2019-17631?
An attacker could exploit CVE-2019-17631 to gain access to diagnostic operations and perform unauthorized actions.
What is the severity of CVE-2019-17631?
The severity of CVE-2019-17631 is high with a severity score of 8.4.
Which software versions are affected by CVE-2019-17631?
Versions 0.15 to 0.16 of Eclipse OpenJ9 are affected by CVE-2019-17631.
How do I fix CVE-2019-17631?
To fix CVE-2019-17631, update to version 1.8.0-ibm-1:1.8.0.6.0-1jpp.1.el6_10 or later for Red Hat Java.
- collector/nvd-index
- collector/ibm-support
- source/IBM
- collector/redhat-cve
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-17631
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/eclipse
- canonical/eclipse openj9
- version/eclipse openj9/0.15.0
- version/eclipse openj9/0.16.0
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/5.8
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.1
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- package-manager/redhat