What is CVE-2018-12539?

CVE-2018-12539 is a vulnerability in The Eclipse Foundation Openj9, classified under Unprotected Primary Channel. Published 2018-08-14.

Is CVE-2018-12539 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in The Eclipse Foundation Openj9

CVE-2018-12539

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrus…

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

Affected products

The Eclipse Foundation Openj9 — versions 0.8

Weakness classification (CWE)

CWE-419 — Unprotected Primary Channel

Public proof-of-concept exploits

PalindromeLabs/Java-Deserialization-CVEs

References

RHSA-2018:2713 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:2575 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:2576 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:2568 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:2569 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:2712 (x_refsource_REDHAT, vendor-advisory)
1041765 (vdb-entry, x_refsource_SECTRACK)
105126 (vdb-entry, x_refsource_BID)
bugs.eclipse.org/bugs/show_bug.cgi (x_refsource_CONFIRM)
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-12539?: CVE-2018-12539 is a vulnerability in The Eclipse Foundation Openj9, classified under Unprotected Primary Channel. Published 2018-08-14.
Is CVE-2018-12539 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.