CVE-2018-1656 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.4 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Affected Products (NVD)

Vendor	Product	Version
ibm	sdk	6.0
ibm	sdk	7.0
ibm	sdk	8.0
redhat	satellite	5.6
redhat	satellite	5.7
redhat	satellite	5.8
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	enterprise_manager_base_platform	13.2.0.0.0
oracle	enterprise_manager_base_platform	13.3.0.0.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ibm-java80

bionic	Fixed 8.0.5.22-0ubuntu1 released
cosmic	dne
trusty	dne
xenial	Fixed 8.0.5.22-0ubuntu1 released

Red Hat Enterprise Linux Releases

Red Hat Product

Release

java-1.7.1-ibm

RHEL 6	1:1.7.1.4.30-1jpp.2.el6_10 fixed
RHEL 7	1:1.7.1.4.30-1jpp.1.el7 fixed

java-1.7.1-ibm-demo

RHEL 6	1:1.7.1.4.30-1jpp.2.el6_10 fixed
RHEL 7	1:1.7.1.4.30-1jpp.1.el7 fixed

java-1.7.1-ibm-devel

RHEL 6	1:1.7.1.4.30-1jpp.2.el6_10 fixed
RHEL 7	1:1.7.1.4.30-1jpp.1.el7 fixed

java-1.7.1-ibm-jdbc

RHEL 6	1:1.7.1.4.30-1jpp.2.el6_10 fixed
RHEL 7	1:1.7.1.4.30-1jpp.1.el7 fixed

java-1.7.1-ibm-plugin

RHEL 6	1:1.7.1.4.30-1jpp.2.el6_10 fixed
RHEL 7	1:1.7.1.4.30-1jpp.1.el7 fixed

java-1.7.1-ibm-src

RHEL 6	1:1.7.1.4.30-1jpp.2.el6_10 fixed
RHEL 7	1:1.7.1.4.30-1jpp.1.el7 fixed

java-1.8.0-ibm

RHEL 6	1:1.8.0.5.20-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.20-1jpp.1.el7 fixed

java-1.8.0-ibm-demo

RHEL 6	1:1.8.0.5.20-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.20-1jpp.1.el7 fixed

java-1.8.0-ibm-devel

RHEL 6	1:1.8.0.5.20-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.20-1jpp.1.el7 fixed

java-1.8.0-ibm-jdbc

RHEL 6	1:1.8.0.5.20-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.20-1jpp.1.el7 fixed

java-1.8.0-ibm-plugin

RHEL 6	1:1.8.0.5.20-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.20-1jpp.1.el7 fixed

java-1.8.0-ibm-src

RHEL 6	1:1.8.0.5.20-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.20-1jpp.1.el7 fixed

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.ibm.com/support/docview.wss?uid=ibm10719653

http://www.securityfocus.com/bid/105118

http://www.securitytracker.com/id/1041765

https://access.redhat.com/errata/RHSA-2018:2568

https://access.redhat.com/errata/RHSA-2018:2569

https://access.redhat.com/errata/RHSA-2018:2575

https://access.redhat.com/errata/RHSA-2018:2576

https://access.redhat.com/errata/RHSA-2018:2712

https://access.redhat.com/errata/RHSA-2018:2713

https://exchange.xforce.ibmcloud.com/vulnerabilities/144882

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html