CVE-2020-4623

7.7HIGH

Key Information:

Vendor: IBM
Status: I2 Ibase
Vendor: CVE Published:; 26 July 2021

Summary

IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.

Affected Version(s)

i2 iBase 8.9.13

References

https://www.ibm.com/support/pages/node/6474857

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/184984

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2021
Vulnerability Reserved
Dec 30, 2019