Main Vulnerability Database Vulnerabilities #VU60083

#VU60083 Improper access control in OpenJ9 - CVE-2021-41035

Published: January 27, 2022

Vulnerability identifier: #VU60083

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-41035

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenJ9

Software vendor:
Eclipse

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. The JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. A remote attacker can send a request to a non-public method and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://github.com/eclipse-openj9/openj9/pull/13740
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104
https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395

#VU60083 Improper access control in OpenJ9 - CVE-2021-41035

Description

Remediation

External links

Please verify you're human