High severity7.8NVD Advisory· Published Aug 14, 2018· Updated Jun 17, 2026
CVE-2018-12539
CVE-2018-12539
Description
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
30- osv-coords28 versionspkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%207
< 1.7.0_sr10.30-65.28.1+ 27 more
- (no CPE)range: < 1.7.0_sr10.30-65.28.1
- (no CPE)range: < 1.7.0_sr10.30-65.28.1
- (no CPE)range: < 1.7.0_sr10.30-65.28.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-26.29.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-26.29.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-26.29.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.7.1_sr4.30-38.26.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-3.6.2
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- (no CPE)range: < 1.8.0_sr5.20-30.36.1
- The Eclipse Foundation/Eclipse OpenJ9v5Range: 0.8
Patches
Vulnerability mechanics
References
10- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party Advisory
- www.securityfocus.com/bid/105126nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041765nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:2568nvdNot ApplicableThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2569nvdNot ApplicableThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2575nvdNot ApplicableThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2576nvdNot ApplicableThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2712nvdNot ApplicableThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2713nvdNot ApplicableThird Party Advisory
- bugs.eclipse.org/bugs/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.