CVE-2017-1376

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
ibmoperations_analytics_predictive_insights
1.3.0
ibmoperations_analytics_predictive_insights
1.3.1
ibmoperations_analytics_predictive_insights
1.3.2
ibmoperations_analytics_predictive_insights
1.3.3
ibmoperations_analytics_predictive_insights
1.3.5
ibmoperations_analytics_predictive_insights
1.3.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ibm-java80
artful
dne
bionic
Fixed 8.0.5.16-0ubuntu1
released
trusty
dne
xenial
Fixed 8.0.5.16-0ubuntu1
released
zesty
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
java-1.7.1-ibm
RHEL 6
1:1.7.1.4.10-1jpp.2.el6_9
fixed
RHEL 7
1:1.7.1.4.10-1jpp.3.el7
fixed
java-1.7.1-ibm-demo
RHEL 6
1:1.7.1.4.10-1jpp.2.el6_9
fixed
RHEL 7
1:1.7.1.4.10-1jpp.3.el7
fixed
java-1.7.1-ibm-devel
RHEL 6
1:1.7.1.4.10-1jpp.2.el6_9
fixed
RHEL 7
1:1.7.1.4.10-1jpp.3.el7
fixed
java-1.7.1-ibm-jdbc
RHEL 6
1:1.7.1.4.10-1jpp.2.el6_9
fixed
RHEL 7
1:1.7.1.4.10-1jpp.3.el7
fixed
java-1.7.1-ibm-plugin
RHEL 6
1:1.7.1.4.10-1jpp.2.el6_9
fixed
RHEL 7
1:1.7.1.4.10-1jpp.3.el7
fixed
java-1.7.1-ibm-src
RHEL 6
1:1.7.1.4.10-1jpp.2.el6_9
fixed
RHEL 7
1:1.7.1.4.10-1jpp.3.el7
fixed
java-1.8.0-ibm
RHEL 6
1:1.8.0.4.10-1jpp.1.el6_9
fixed
RHEL 7
1:1.8.0.4.10-1jpp.3.el7
fixed
java-1.8.0-ibm-demo
RHEL 6
1:1.8.0.4.10-1jpp.1.el6_9
fixed
RHEL 7
1:1.8.0.4.10-1jpp.3.el7
fixed
java-1.8.0-ibm-devel
RHEL 6
1:1.8.0.4.10-1jpp.1.el6_9
fixed
RHEL 7
1:1.8.0.4.10-1jpp.3.el7
fixed
java-1.8.0-ibm-jdbc
RHEL 6
1:1.8.0.4.10-1jpp.1.el6_9
fixed
RHEL 7
1:1.8.0.4.10-1jpp.3.el7
fixed
java-1.8.0-ibm-plugin
RHEL 6
1:1.8.0.4.10-1jpp.1.el6_9
fixed
RHEL 7
1:1.8.0.4.10-1jpp.3.el7
fixed
java-1.8.0-ibm-src
RHEL 6
1:1.8.0.4.10-1jpp.1.el6_9
fixed
RHEL 7
1:1.8.0.4.10-1jpp.3.el7
fixed
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22007305&myns=swgtiv&mynp=OCSSJQQ3&mync=E&cm_sp=swgtiv-_-OCSSJQQ3-_-E
https://access.redhat.com/errata/RHSA-2017:2469
https://access.redhat.com/errata/RHSA-2017:2481
https://exchange.xforce.ibmcloud.com/vulnerabilities/126873
http://www.ibm.com/support/docview.wss?uid=swg22007305&myns=swgtiv&mynp=OCSSJQQ3&mync=E&cm_sp=swgtiv-_-OCSSJQQ3-_-E
https://access.redhat.com/errata/RHSA-2017:2469
https://access.redhat.com/errata/RHSA-2017:2481
https://exchange.xforce.ibmcloud.com/vulnerabilities/126873