Vulnerability Description
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Sdk | 6.0 |
| Redhat | Satellite | 5.6 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Oracle | Enterprise Manager Base Platform | 13.2.0.0.0 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=ibm10719653Vendor Advisory
- http://www.securityfocus.com/bid/105118Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041765Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:2568Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2569Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2575Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2576Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2712Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2713Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144882VDB EntryVendor Advisory
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatchThird Party Advisory
- http://www.ibm.com/support/docview.wss?uid=ibm10719653Vendor Advisory
- http://www.securityfocus.com/bid/105118Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041765Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:2568Third Party Advisory
FAQ
What is CVE-2018-1656?
CVE-2018-1656 is a vulnerability with a CVSS score of 7.4 (HIGH). The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting co...
How severe is CVE-2018-1656?
CVE-2018-1656 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1656?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Sdk, Redhat Satellite, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.