CVE-2019-17631 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Affected Products (NVD)

Vendor	Product	Version
eclipse	openj9	0.15.0 ≤ 𝑥 ≤ 0.16.0
redhat	satellite	5.8
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

java-1.8.0-ibm

RHEL 6	1:1.8.0.6.0-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.6.0-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-demo

RHEL 6	1:1.8.0.6.0-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.6.0-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-devel

RHEL 6	1:1.8.0.6.0-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.6.0-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-headless

RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-jdbc

RHEL 6	1:1.8.0.6.0-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.6.0-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-plugin

RHEL 6	1:1.8.0.6.0-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.6.0-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-src

RHEL 6	1:1.8.0.6.0-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.6.0-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

java-1.8.0-ibm-webstart

RHEL 8	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 E4S	1:1.8.0.6.0-3.el8_1 fixed
RHEL 8.1 EUS	1:1.8.0.6.0-3.el8_1 fixed

Common Weakness Enumeration

CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://access.redhat.com/errata/RHSA-2019:4113

https://access.redhat.com/errata/RHSA-2019:4115

https://access.redhat.com/errata/RHSA-2020:0006

https://access.redhat.com/errata/RHSA-2020:0046

https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129

https://access.redhat.com/errata/RHSA-2019:4113

https://access.redhat.com/errata/RHSA-2019:4115

https://access.redhat.com/errata/RHSA-2020:0006

https://access.redhat.com/errata/RHSA-2020:0046

https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129