Local Code Execution Vulnerability in IBM SDK for Java
CVE-2019-4732

7.2HIGH

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
3 February 2020

Summary

A vulnerability exists in IBM SDK, Java Technology Edition that allows local authenticated attackers to execute arbitrary code due to DLL search order hijacking. This can be exploited by placing a specially-crafted file in a compromised folder, enabling the attacker to gain control of the system. This affects multiple versions of the SDK, making it critical for users to apply necessary updates to mitigate this risk.

Affected Version(s)

Java 7.0.0.0

Java 7.1.0.0

Java 8.0.0.0

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.