CVE-2018-1890

CWE-427 CWE-4265 documents5 sources

Severity

7.8HIGH

EPSS

0.1%

top 77.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Application Server Patterns IBM SDK

Timeline

PublishedMar 11

Latest updateMay 13

Description

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 1.4 | Impact: 3.7

Affected Packages3 packages

▶NVDibm/sdk8.0

▶CVEListV5ibm/websphere_application_server5 versions+4

▶CVEListV5ibm/websphere_application_server_patterns4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qwwq-984w-2342: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by loc↗2022-05-13

▶

CVEList

CVE-2018-1890: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by loc↗2019-03-11

▶

📋Vendor Advisories

Red Hat

JDK: local privilege escalation via insecure RPATHs↗2019-03-01

▶

💬Community

Bugzilla

CVE-2018-1890 IBM JDK: local privilege escalation via insecure RPATHs↗2019-03-05

▶