Untrusted Search Path Vulnerability in IBM i Access for Windows
CVE-2018-1888

5.3MEDIUM

Key Information:

Vendor
IBM
Status
I Access For Windows
Vendor
CVE Published:
4 January 2019

Summary

A vulnerability exists in IBM i Access for Windows that stems from an untrusted search path issue. This flaw allows attackers to execute arbitrary code by placing a malicious DLL in the current working directory. The exploit leverages the LoadLibrary function, compromising the security of affected systems. Users are urged to take proactive measures to safeguard against potential attacks by updating to more secure versions and conducting regular security assessments.

Affected Version(s)

i Access for Windows 7.1

References

http://www.securityfocus.com/bid/106455
vdb-entryx_refsource_BID
https://www.ibm.com/support/docview.wss?uid=ibm10740233
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/152079
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.