CVE-2019-4473

CWE-427, CWE-426 | 6 documents | 6 sources
Severity
7.8 HIGH
EPSS
0.0%
top 84.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 5
Latest update: May 24

Description

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: ibm/java 7, 7R1, 8 (+2)
NVD: ibm/java 7.0.0.0, 7.1.4.50, 8.0 (+2)

Vulnerability Details

2
GHSA
GHSA-qh47-rvff-ggv7: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injecti (2022-05-24)
CVEList
CVE-2019-4473: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injecti (2019-08-05)

Exploits & PoCs

1
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection (2020-02-06)

Vendor Advisories

1
Red Hat
JDK: Insecure RPATH in multiple binaries on AIX (2019-08-01)

Community

1
Bugzilla
CVE-2019-4473 IBM JDK: Insecure RPATH in multiple binaries on AIX (2019-08-07)
CVE-2019-4473 (HIGH CVSS 7.8) | Multiple binaries in IBM SDK | cvebase.io