Homepage

Directory Traversal Affecting java-1_8_0-ibm package, versions <1.8.0_sr5.20-3.6.2

Severity

 Recommended
critical

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
1.4% (87th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Directory Traversal vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-SLES150-JAVA180IBM-2758283
  • published14 Apr 2022
  • disclosed9 Oct 2018
Report a new vulnerability Found a mistake?

Introduced: 9 Oct 2018

CVE-2018-1656  (opens in a new tab)
CWE-22  (opens in a new tab)

How to fix?

Upgrade SLES:15.0 java-1_8_0-ibm to version 1.8.0_sr5.20-3.6.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream java-1_8_0-ibm package and not the java-1_8_0-ibm package as distributed by SLES. See How to fix? for SLES:15.0 relevant fixed versions and status.

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.