Improper Access Control

2019-05-1602:18:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

46.4%

JSON

Oracle Java SE is vulnerable to improper access control vulnerability. This is because the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file.

CPENameOperatorVersion
java-1.8.0-openjdkeq1.8.0.45__35.b13.el6
java-1.8.0-openjdkeq1.8.0.121__0.b13.el6_8
java-1.8.0-openjdkeq1.8.0.77__0.b03.el6_7
java-1.8.0-openjdkeq1.8.0.45__28.b13.el6_6
java-1.8.0-openjdkeq1.8.0.91__1.b14.el6
java-1.8.0-openjdkeq1.8.0.20__3.b26.el6
java-1.8.0-openjdkeq1.8.0.141__3.b16.el6_9
java-1.8.0-openjdkeq1.8.0.65__0.b17.el6_7
java-1.8.0-openjdkeq1.8.0.111__0.b15.el6_8
java-1.8.0-openjdkeq1.8.0.91__0.b14.el6_7

Name	Operator	Version
java-1.8.0-openjdk	eq	1.8.0.45__35.b13.el6
java-1.8.0-openjdk	eq	1.8.0.121__0.b13.el6_8
java-1.8.0-openjdk	eq	1.8.0.77__0.b03.el6_7
java-1.8.0-openjdk	eq	1.8.0.45__28.b13.el6_6
java-1.8.0-openjdk	eq	1.8.0.91__1.b14.el6
java-1.8.0-openjdk	eq	1.8.0.20__3.b26.el6
java-1.8.0-openjdk	eq	1.8.0.141__3.b16.el6_9
java-1.8.0-openjdk	eq	1.8.0.65__0.b17.el6_7
java-1.8.0-openjdk	eq	1.8.0.111__0.b15.el6_8
java-1.8.0-openjdk	eq	1.8.0.91__0.b14.el6_7