Local Code Execution Vulnerability in IBM SDK for Java
CVE-2019-4732
7.2HIGH
Summary
A vulnerability exists in IBM SDK, Java Technology Edition that allows local authenticated attackers to execute arbitrary code due to DLL search order hijacking. This can be exploited by placing a specially-crafted file in a compromised folder, enabling the attacker to gain control of the system. This affects multiple versions of the SDK, making it critical for users to apply necessary updates to mitigate this risk.
Affected Version(s)
Java 7.0.0.0
Java 7.1.0.0
Java 8.0.0.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved