Code Injection and Privilege Escalation in IBM SDK for AIX
CVE-2018-1890

5.6MEDIUM

Key Information:

Vendor

IBM
Status
Websphere Application Server Patterns
Websphere Application Server
Runtimes For Java Technology
Vendor
CVE Published:
11 March 2019

What is CVE-2018-1890?

IBM SDK, Java Technology Edition Version 8 on the AIX platform is susceptible to a vulnerability that employs absolute RPATHs, enabling local users to exploit the vulnerability for code injection and privilege elevation. This poses a significant risk for the integrity and security of systems utilizing this software.

Affected Version(s)

WebSphere Application Server 7.0

WebSphere Application Server 8.0

WebSphere Application Server 8.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
vdb-entryx_refsource_XF
https://www.ibm.com/support/docview.wss?uid=ibm10873042
x_refsource_CONFIRM
https://www.ibm.com/support/docview.wss?uid=ibm10873332
x_refsource_CONFIRM

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.