Code Injection and Privilege Escalation in IBM SDK for AIX
CVE-2018-1890
5.6MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 11 March 2019
Summary
IBM SDK, Java Technology Edition Version 8 on the AIX platform is susceptible to a vulnerability that employs absolute RPATHs, enabling local users to exploit the vulnerability for code injection and privilege elevation. This poses a significant risk for the integrity and security of systems utilizing this software.
Affected Version(s)
WebSphere Application Server 7.0
WebSphere Application Server 8.0
WebSphere Application Server 8.5
References
CVSS V3.1
Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved