CVE-2019-4732
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
IBM SDK, Java Technology Edition Versión versiones 7.0.0.0 hasta 7.0.10.55, versiones 7.1.0.0 hasta 7.1.4.55 y versiones 8.0.0.0 hasta 8.0.6.0, podrían permitir a un atacante autenticado local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de secuestro del orden de búsqueda de DLL en el cliente de Microsoft Windows. Mediante la colocación de un archivo especialmente diseñado en una carpeta comprometida, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. ID de IBM X-Force: 172618.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2020-02-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 | 2020-02-06 | |
| https://www.ibm.com/support/pages/node/1288060 | 2020-02-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Sdk Search vendor "Ibm" for product "Sdk" | >= 7.0.0.0 <= 7.0.10.55 Search vendor "Ibm" for product "Sdk" and version " >= 7.0.0.0 <= 7.0.10.55" | java_technology |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Sdk Search vendor "Ibm" for product "Sdk" | >= 7.1.0.0 <= 7.1.4.55 Search vendor "Ibm" for product "Sdk" and version " >= 7.1.0.0 <= 7.1.4.55" | java_technology |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Sdk Search vendor "Ibm" for product "Sdk" | >= 8.0.0.0 <= 8.0.6.0 Search vendor "Ibm" for product "Sdk" and version " >= 8.0.0.0 <= 8.0.6.0" | java_technology |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server" | 7.0 Search vendor "Ibm" for product "Websphere Application Server" and version "7.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server" | 8.0 Search vendor "Ibm" for product "Websphere Application Server" and version "8.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server" | 8.5 Search vendor "Ibm" for product "Websphere Application Server" and version "8.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server" | 9.0 Search vendor "Ibm" for product "Websphere Application Server" and version "9.0" | - |
Affected
| ||||||