QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1890

Published: Mar 11, 2019

Modified: Feb 13, 2025

PUBLISHED

CVSS v3.0

5.6

MEDIUM

Description

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.

Vendor	Product	Versions
IBM	WebSphere Application Server Patterns	affected `1.0.0.0` affected `1.0.0.7` affected `2.2.0.0` affected `2.2.5.3`
IBM	WebSphere Application Server	affected `7.0` affected `8.0` affected `8.5` affected `9.0` affected `Liberty`
IBM	Runtimes for Java Technology	All versions

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/A:L/AC:H/AV:L/C:L/I:L/PR:N/S:C/UI:N/E:U/RC:C/RL:O

Availability

Low

Attack Complexity

High

Attack Vector

Local

Confidentiality

Low

Integrity

Low

Privileges Required

None

Scope

Changed

User Interaction

None

References

ibm-sdk-cve20181890-code-exec(152081)

vdb-entry

x_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10873042

x_refsource_CONFIRM

https://www.ibm.com/support/docview.wss?uid=ibm10873332

x_refsource_CONFIRM

https://www.ibm.com/support/docview.wss?uid=ibm10874750

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.