CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
eclipseopenj9
𝑥
< 0.29.0
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
java-1.7.1-ibm
RHEL 7
1:1.7.1.5.0-1jpp.1.el7
fixed
java-1.7.1-ibm-demo
RHEL 7
1:1.7.1.5.0-1jpp.1.el7
fixed
java-1.7.1-ibm-devel
RHEL 7
1:1.7.1.5.0-1jpp.1.el7
fixed
java-1.7.1-ibm-jdbc
RHEL 7
1:1.7.1.5.0-1jpp.1.el7
fixed
java-1.7.1-ibm-plugin
RHEL 7
1:1.7.1.5.0-1jpp.1.el7
fixed
java-1.7.1-ibm-src
RHEL 7
1:1.7.1.5.0-1jpp.1.el7
fixed
java-1.8.0-ibm
RHEL 7
1:1.8.0.7.0-1jpp.1.el7
fixed
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-demo
RHEL 7
1:1.8.0.7.0-1jpp.1.el7
fixed
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-devel
RHEL 7
1:1.8.0.7.0-1jpp.1.el7
fixed
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-headless
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-jdbc
RHEL 7
1:1.8.0.7.0-1jpp.1.el7
fixed
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-plugin
RHEL 7
1:1.8.0.7.0-1jpp.1.el7
fixed
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-src
RHEL 7
1:1.8.0.7.0-1jpp.1.el7
fixed
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
java-1.8.0-ibm-webstart
RHEL 8
1:1.8.0.7.0-1.el8_5
fixed
Common Weakness Enumeration
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395
https://github.com/eclipse-openj9/openj9/pull/13740
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104
https://security.netapp.com/advisory/ntap-20240621-0006/
https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395
https://github.com/eclipse-openj9/openj9/pull/13740
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104
https://security.netapp.com/advisory/ntap-20240621-0006/