CVE-2019-4732

HIGH Year: 2019
CVSS v3 Score
7.2
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-426
View all →

Vulnerability Description

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.

Related Vulnerabilities

CVE-2018-7365

HIGH
CVSS:7.2(High)

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.

CWE-4262018

CVE-2019-19161

HIGH
CVSS:7.2(High)

CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly...

CWE-4262019

CVE-2016-0018

HIGH
CVSS:7.3(High)

Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ...

CWE-4262016

CVE-2016-10009

HIGH
CVSS:7.3(High)

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-so...

CWE-4262016

CVE-2016-1014

HIGH
CVSS:7.3(High)

Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain priv...

CWE-4262016