CVE-2018-1890

2019-03-0100:00:00

ibm

www.cve.org

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.

CNA Affected

[
  {
    "product": "WebSphere Application Server Patterns",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.0"
      },
      {
        "status": "affected",
        "version": "1.0.0.7"
      },
      {
        "status": "affected",
        "version": "2.2.0.0"
      },
      {
        "status": "affected",
        "version": "2.2.5.3"
      }
    ]
  },
  {
    "product": "WebSphere Application Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "Liberty"
      }
    ]
  },
  {
    "product": "Runtimes for Java Technology",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": " "
      }
    ]
  }
]