What is the severity of CVE-2019-4732?

The severity of CVE-2019-4732 is high with a severity value of 7.2.

How does CVE-2019-4732 impact IBM SDK Java Technology Edition?

CVE-2019-4732 impacts IBM SDK Java Technology Edition versions 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0.

How can a local attacker exploit CVE-2019-4732?

A local authenticated attacker can exploit CVE-2019-4732 to execute arbitrary code on the system.

What is the affected software by CVE-2019-4732?

The affected software by CVE-2019-4732 includes IBM Cognos Controller versions 10.4.0, 10.4.1, and 10.4.2, and IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.

Where can I find more information about CVE-2019-4732?

You can find more information about CVE-2019-4732 on the IBM X-Force Exchange website and the IBM support pages.

Vulnerability/
CVE-2019-4732

high

7.2

CWE

426

3/2/2020

20/1/2022

CVE-2019-4732

First published: Mon Feb 03 2020(Updated: )

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Controller 10.4.2	<=IBM Cognos Controller 10.4.2
IBM Cognos Controller 10.4.1	<=IBM Cognos Controller 10.4.1
IBM Cognos Controller 10.4.0	<=IBM Cognos Controller 10.4.0
Ibm Sdk	>=7.0.0.0<=7.0.10.55
Ibm Sdk	>=7.1.0.0<=7.1.4.55
Ibm Sdk	>=8.0.0.0<=8.0.6.0
Microsoft Windows
Ibm Websphere Application Server	=7.0
Ibm Websphere Application Server	=8.0
Ibm Websphere Application Server	=8.5
Ibm Websphere Application Server	=9.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6509856

Frequently Asked Questions

What is the severity of CVE-2019-4732?
The severity of CVE-2019-4732 is high with a severity value of 7.2.
How does CVE-2019-4732 impact IBM SDK Java Technology Edition?
CVE-2019-4732 impacts IBM SDK Java Technology Edition versions 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0.
How can a local attacker exploit CVE-2019-4732?
A local authenticated attacker can exploit CVE-2019-4732 to execute arbitrary code on the system.
What is the affected software by CVE-2019-4732?
The affected software by CVE-2019-4732 includes IBM Cognos Controller versions 10.4.0, 10.4.1, and 10.4.2, and IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.
Where can I find more information about CVE-2019-4732?
You can find more information about CVE-2019-4732 on the IBM X-Force Exchange website and the IBM support pages.

collector/ibm-support
collector/nvd-index
agent/weakness
agent/description
vendor/ibm
canonical/ibm cognos controller 10.4.2
version/ibm cognos controller 10.4.2/ibm cognos controller 10.4.2
canonical/ibm cognos controller 10.4.1
version/ibm cognos controller 10.4.1/ibm cognos controller 10.4.1
canonical/ibm cognos controller 10.4.0
version/ibm cognos controller 10.4.0/ibm cognos controller 10.4.0
canonical/ibm sdk
version/ibm sdk/7.0.0.0
version/ibm sdk/7.0.10.55
version/ibm sdk/7.1.0.0
version/ibm sdk/7.1.4.55
version/ibm sdk/8.0.0.0
version/ibm sdk/8.0.6.0
vendor/microsoft
canonical/microsoft windows
canonical/ibm websphere application server
version/ibm websphere application server/7.0
version/ibm websphere application server/8.0
version/ibm websphere application server/8.5
version/ibm websphere application server/9.0