Code Injection and Privilege Escalation in IBM SDK for AIX
CVE-2018-1890

5.6MEDIUM

Summary

IBM SDK, Java Technology Edition Version 8 on the AIX platform is susceptible to a vulnerability that employs absolute RPATHs, enabling local users to exploit the vulnerability for code injection and privilege elevation. This poses a significant risk for the integrity and security of systems utilizing this software.

Affected Version(s)

WebSphere Application Server 7.0

WebSphere Application Server 8.0

WebSphere Application Server 8.5

References

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.