Main Vulnerability Database SB2025032124

SB2025032124 - IBM Cloud Application Performance Management update for Eclipse Openj9

Published: March 21, 2025

Security Bulletin ID SB2025032124

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-3933)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability occurs when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. A local user can exploit the vulnerability to read and write to addresses beyond the end of the array range.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7168124