CVE-2019-20406

CWE-427, CWE-426 | 4 documents | 4 sources
Severity
7.8 HIGH
EPSS
0.2%
top 62.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 6
Latest update: May 24

Description

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1, allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable to inject code and escalate their privileges via a DLL hijacking vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 3 packages

CVEListV5 | atlassian/confluence_data_center | unspecified | 7.0.5 | +2

Vulnerability Details (3)
GHSA
GHSA-gw5q-m62q-j9vf: The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7 (2022-05-24)
CVEList
CVE-2019-20406: The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7 (2020-02-06)
OSV
python2.7, python3.5, python3.6, python3.7 vulnerabilities (2019-09-09)