PT-2021-23057 · Eclipse+4 · Eclipse Openj9+4

Peter Shipton · Published 2021-10-25 · Updated 2024-06-21 · CVE-2021-41035

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.29.0

Description: The issue is related to the JVM not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. This could potentially allow an attacker to obtain sensitive information, resulting in a low confidentiality impact.

Recommendations: For Eclipse Openj9 versions prior to 0.29.0, update to version 0.29.0 or later to resolve the issue. As a temporary workaround, consider restricting access to MethodHandles that invoke interface methods to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

CESA-2022_0345
CVE-2021-41035
OPENSUSE-SU-2022:0108-1
OPENSUSE-SU-2022_0108-1
RHSA-2021:5030
RHSA-2021_5030
RHSA-2022:0310
RHSA-2022:0345
RHSA-2022_0310
RHSA-2022_0345
SUSE-SU-2022:0107-1
SUSE-SU-2022:0108-1
SUSE-SU-2022:0166-1
SUSE-SU-2022:14875-1
SUSE-SU-2022:14876-1

Affected Products

Centos
Eclipse Openj9
Ibm Aix
Red Hat
Suse