Sep 14, 2022 - 3:28 p.m.

Security Bulletin: CVE-2019-4732 vulnerability in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

2022-09-14 15:28:14
www.ibm.com
ibm java runtime
ibm process designer
ibm business automation workflow
ibm business process manager
dll search order hijacking
ibm sdk
java technology edition
cve-2019-4732

CVSS2: 6.9 Medium

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 6.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

Summary

A vulnerability exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2019-4732
**DESCRIPTION:** IBM SDK, Java Technology Edition Version could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)

Affected Products and Versions

| Affected products | Versions |
| --- | --- |
| IBM Business Automation Workflow | 18.0.0.0 - 19.0.0.3 |
| IBM Business Process Manager | 8.6-8.6 CF2018.03 |
| IBM Business Process Manager | 8.5.7 2017.06 |

Remediation/Fixes

Install interim fix JR61918 for your version:

Workarounds and Mitigations

None

Affected configurations

Any of the following nodes matches (OR):

| Vendor | Product | Version | Edition |
| --- | --- | --- | --- |
| ibm | business_automation_workflow | 18.0.0.1 | |
| ibm | business_automation_workflow | 19.0.0.3 | |
| ibm | business_process_manager | 8.5.0 | standard |
| ibm | business_process_manager | 8.5.7 | standard |
| ibm | business_process_manager | 2017.06 | standard |
| ibm | business_process_manager | 8.5.0 | express |
| ibm | business_process_manager | 8.5.7 | express |
| ibm | business_process_manager | 2017.06 | express |
| ibm | business_process_manager | 8.6 | express |
| ibm | business_process_manager | 8.6 | express |
| ibm | business_process_manager | 2018.03 | express |
| ibm | business_process_manager | 8.5.0 | advanced |
| ibm | business_process_manager | 8.5.7 | advanced |
| ibm | business_process_manager | 2017.06 | advanced |
| ibm | business_process_manager | 8.6 | advanced |
| ibm | business_process_manager | 8.6 | advanced |
| ibm | business_process_manager | 2018.03 | advanced |
| ibm | business_process_manager | 8.6 | |
| ibm | business_process_manager | 8.6 | |
| ibm | business_process_manager | 2018.03 | |
