First published: Mon Feb 03 2020
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Controller 10.4.2 | <=IBM Cognos Controller 10.4.2 | |
IBM Cognos Controller 10.4.1 | <=IBM Cognos Controller 10.4.1 | |
IBM Cognos Controller 10.4.0 | <=IBM Cognos Controller 10.4.0 | |
IBM SDK | >=7.0.0.0 <=7.0.10.55 | |
IBM SDK | >=7.1.0.0 <=7.1.4.55 | |
IBM SDK | >=8.0.0.0 <=8.0.6.0 | |
Microsoft Windows | | |
IBM WebSphere Application Server | =7.0 | |
IBM WebSphere Application Server | =8.0 | |
IBM WebSphere Application Server | =8.5 | |
IBM WebSphere Application Server | =9.0 | |
The severity of CVE-2019-4732 is high with a severity value of 7.2.
CVE-2019-4732 impacts IBM SDK Java Technology Edition versions 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0.
A local authenticated attacker can exploit CVE-2019-4732 to execute arbitrary code on the system.
Software affected by CVE-2019-4732 includes IBM Cognos Controller versions 10.4.0, 10.4.1, and 10.4.2, and IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.
You can find more information about CVE-2019-4732 on the IBM X-Force Exchange website and the IBM support pages.