CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
02 Aug 2023 — IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de da... • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4732
https://notcve.org/view.php?id=CVE-2019-4732
03 Feb 2020 — IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. IBM SDK, Java Technology Edition Versión versiones 7.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1890
https://notcve.org/view.php?id=CVE-2018-1890
11 Mar 2019 — IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. IBM SDK, Java Technology Edition, en su versión 8 en la plataforma AIX, utiliza RPATHS absolutas, lo que podría facilitar una inyección de código y un escalado de privilegios por usuarios locales. IBM X-Force ID: 152081. • http://www.securityfocus.com/bid/107448 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.4EPSS: 2%CPEs: 14EXPL: 0CVE-2018-1656 – JDK: path traversal flaw in the Diagnostic Tooling Framework
https://notcve.org/view.php?id=CVE-2018-1656
20 Aug 2018 — The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882. IBM Java SE vers... • http://www.ibm.com/support/docview.wss?uid=ibm10719653 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •