{"containers": {"cna": {"affected": [{"product": "Java", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.0.0.0"}, {"status": "affected", "version": "7.1.0.0"}, {"status": "affected", "version": "8.0.0.0"}, {"status": "affected", "version": "7.0.10.55"}, {"status": "affected", "version": "7.1.4.55"}, {"status": "affected", "version": "8.0.6.0"}]}], "datePublic": "2020-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.3, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:H/AV:L/PR:H/I:H/C:H/A:H/S:C/UI:R/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-03T16:45:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/1288060"}, {"name": "ibm-sdk-cve20194732-code-exec (172618)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-01-31T00:00:00", "ID": "CVE-2019-4732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Java", "version": {"version_data": [{"version_value": "7.0.0.0"}, {"version_value": "7.1.0.0"}, {"version_value": "8.0.0.0"}, {"version_value": "7.0.10.55"}, {"version_value": "7.1.4.55"}, {"version_value": "8.0.6.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "H", "S": "C", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/1288060", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288060 (Java)", "url": "https://www.ibm.com/support/pages/node/1288060"}, {"name": "ibm-sdk-cve20194732-code-exec (172618)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:40:48.965Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/1288060"}, {"name": "ibm-sdk-cve20194732-code-exec (172618)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4732", "datePublished": "2020-02-03T16:45:18.286953Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:09:29.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "8744D28C-4CBA-4777-89DC-8BBE1AD327A1", "versionEndIncluding": "7.0.10.55", "versionStartIncluding": "7.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "8D4B39C8-9D08-41A6-9173-75FB13F597CF", "versionEndIncluding": "7.1.4.55", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "05936C33-90D9-46B5-B5F5-52CC13595ABA", "versionEndIncluding": "8.0.6.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "07EBB48B-4EE2-4333-851E-BA1B104FBE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "E30E8CE2-9137-4669-AE86-FB8ED0899736", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."}, {"lang": "es", "value": "IBM SDK, Java Technology Edition Versi\u00f3n versiones 7.0.0.0 hasta 7.0.10.55, versiones 7.1.0.0 hasta 7.1.4.55 y versiones 8.0.0.0 hasta 8.0.6.0, podr\u00edan permitir a un atacante autenticado local ejecutar c\u00f3digo arbitrario en el sistema, causado por una vulnerabilidad de secuestro del orden de b\u00fasqueda de DLL en el cliente de Microsoft Windows. Mediante la colocaci\u00f3n de un archivo especialmente dise\u00f1ado en una carpeta comprometida, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. ID de IBM X-Force: 172618."}], "id": "CVE-2019-4732", "lastModified": "2020-02-06T18:24:35.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.6, "impactScore": 6.0, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-03T17:15:14.627", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/1288060"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "JDK: untrusted DLL search path vulnerability", "id": "1797101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797101"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-426", "details": ["IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."], "name": "CVE-2019-4732", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.1-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.8.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.1-ibm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.8.0-ibm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "java-1.8.0-ibm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Not affected", "package_name": "java-1.8.0-ibm", "product_name": "Red Hat Satellite 5"}], "public_date": "2020-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-4732\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-4732"], "threat_severity": "Important"}