CVE-2018-1890

State: PUBLISHED · Published: 2019-03-11 · Updated: 2025-02-13 · Assigner: ibm

Description

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.

CWE

(none)

Affected

IBM / WebSphere Application Server Patterns — v=1.0.0.0 [affected]; v=1.0.0.7 [affected]; v=2.2.0.0 [affected]; v=2.2.5.3 [affected]
IBM / WebSphere Application Server — v=7.0 [affected]; v=8.0 [affected]; v=8.5 [affected]; v=9.0 [affected]; v=Liberty [affected]
IBM / Runtimes for Java Technology —

CVSS

3.0 score=5.6 severity=MEDIUM CVSS:3.0/A:L/AC:H/AV:L/C:L/I:L/PR:N/S:C/UI:N/E:U/RC:C/RL:O

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/152081 vdb-entry, x_refsource_XF
https://www.ibm.com/support/docview.wss?uid=ibm10873042 x_refsource_CONFIRM
https://www.ibm.com/support/docview.wss?uid=ibm10873332 x_refsource_CONFIRM
https://www.ibm.com/support/docview.wss?uid=ibm10874750 x_refsource_CONFIRM
http://www.securityfocus.com/bid/107448 vdb-entry, x_refsource_BID

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1890.json