CVE-2019-4732

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ibmCNA
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
ibmsdk
7.0.0.0 ≤
𝑥
≤ 7.0.10.55
ibmsdk
7.1.0.0 ≤
𝑥
≤ 7.1.4.55
ibmsdk
8.0.0.0 ≤
𝑥
≤ 8.0.6.0
ibmwebsphere_application_server
7.0
ibmwebsphere_application_server
8.0
ibmwebsphere_application_server
8.5
ibmwebsphere_application_server
9.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ibmjava
7.0.0.0
CNA
ibmjava
7.1.0.0
CNA
ibmjava
8.0.0.0
CNA
ibmjava
7.0.10.55
CNA
ibmjava
7.1.4.55
CNA
ibmjava
8.0.6.0
CNA
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/172618
https://www.ibm.com/support/pages/node/1288060
https://exchange.xforce.ibmcloud.com/vulnerabilities/172618
https://www.ibm.com/support/pages/node/1288060