Main Vulnerability Database Vulnerabilities #VU60083

Improper access control in OpenJ9 - CVE-2021-41035

Published: January 27, 2022

Vulnerability identifier: #VU60083

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-41035

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Eclipse

Affected software:
OpenJ9

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. The JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. A remote attacker can send a request to a non-public method and gain unauthorized access to the application.

How to mitigate CVE-2021-41035

Install updates from vendor's website.

Sources

https://github.com/eclipse-openj9/openj9/pull/13740
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104
https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395

Improper access control in OpenJ9 - CVE-2021-41035

Detailed vulnerability description

How to mitigate CVE-2021-41035

Sources

Please verify you're human