CVE-2018-1656
JDK: path traversal flaw in the Diagnostic Tooling Framework
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-13 CVE Reserved
- 2018-08-20 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105118 | Third Party Advisory | |
http://www.securitytracker.com/id/1041765 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | 2019-10-09 |
URL | Date | SRC |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=ibm10719653 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:2568 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:2569 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:2575 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:2576 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:2712 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:2713 | 2019-10-09 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/144882 | 2019-10-09 | |
https://access.redhat.com/security/cve/CVE-2018-1656 | 2018-09-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1618869 | 2018-09-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Sdk Search vendor "Ibm" for product "Sdk" | 6.0 Search vendor "Ibm" for product "Sdk" and version "6.0" | java_technology |
Affected
| ||||||
Ibm Search vendor "Ibm" | Sdk Search vendor "Ibm" for product "Sdk" | 7.0 Search vendor "Ibm" for product "Sdk" and version "7.0" | java_technology |
Affected
| ||||||
Ibm Search vendor "Ibm" | Sdk Search vendor "Ibm" for product "Sdk" | 8.0 Search vendor "Ibm" for product "Sdk" and version "8.0" | java_technology |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.6 Search vendor "Redhat" for product "Satellite" and version "5.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.7 Search vendor "Redhat" for product "Satellite" and version "5.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.8 Search vendor "Redhat" for product "Satellite" and version "5.8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.2.0.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.2.0.0.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.3.0.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.3.0.0.0" | - |
Affected
|