Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges.

External References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/138823

Additional references:
https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2018
http://www-01.ibm.com/support/docview.wss?uid=swg22012965

IBM JDK packages shipped in Red Hat Enterprise Linux Supplementary 6 and 7 were previously updated to the fixed upstream version via the following errata:

java-1.8.0-ibm
https://access.redhat.com/errata/RHSA-2018:0351
https://access.redhat.com/errata/RHSA-2018:0352

java-1.7.1-ibm
https://access.redhat.com/errata/RHSA-2018:0458
https://access.redhat.com/errata/RHSA-2018:0521

This issue has been addressed in the following products:

Red Hat Satellite 5.8
Via RHSA-2018:1463 https://access.redhat.com/errata/RHSA-2018:1463