CVE-2019-4473 - Vulnerability Details - OpenCVE

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Java

Configuration 1 [-]

OR	cpe:2.3:a:ibm:java:7.0.0.0:::::::*
	cpe:2.3:a:ibm:java:7.1.4.50:::::::*
	cpe:2.3:a:ibm:java:8.0:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=ibm10960422
https://exchange.xforce.ibmcloud.com/vulnerabilities/163984
https://nvd.nist.gov/vuln/detail/CVE-2019-4473
https://www.cve.org/CVERecord?id=CVE-2019-4473

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2019-08-05T13:40:15.625844Z

Updated: 2024-09-16T17:28:54.997Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4473

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-05T14:15:12.130

Modified: 2024-11-21T04:43:38.913

Link: CVE-2019-4473

Redhat

Severity : Moderate

Publid Date: 2019-08-01T00:00:00Z

Links: CVE-2019-4473 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Java", "vendor": "IBM", "versions": [{"status": "affected", "version": "7"}, {"status": "affected", "version": "7R1"}, {"status": "affected", "version": "8"}]}], "datePublic": "2019-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:H/AC:L/A:H/C:H/UI:N/PR:N/AV:L/S:U/RL:O/RC:C/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-05T13:40:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10960422"}, {"name": "ibm-java-cve20194473-priv-escalation (163984)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163984"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-08-01T00:00:00", "ID": "CVE-2019-4473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Java", "version": {"version_data": [{"version_value": "7"}, {"version_value": "7R1"}, {"version_value": "8"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=ibm10960422", "refsource": "CONFIRM", "title": "IBM Security Bulletin 960422 (Java)", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10960422"}, {"name": "ibm-java-cve20194473-priv-escalation (163984)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163984"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:33:37.949Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10960422"}, {"name": "ibm-java-cve20194473-priv-escalation (163984)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163984"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4473", "datePublished": "2019-08-05T13:40:15.625844Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:28:54.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java:7.1.4.50:*:*:*:*:*:*:*", "matchCriteriaId": "5FD30AB3-E817-4A67-B411-011963DB4B0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4DA5845-1740-41C3-8D73-F1E826784497", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984."}, {"lang": "es", "value": "M\u00faltiples archivos binarios en el SDK de IBM , Java Technology Edition versiones 7, 7R y 8, en la plataforma AIX usan RPATH absolutos no seguros, que puede facilitar la inyecci\u00f3n de c\u00f3digo y la escalada de privilegios por parte de los usuarios locales. ID de IBM X-Force: 163984."}], "id": "CVE-2019-4473", "lastModified": "2024-11-21T04:43:38.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-05T14:15:12.130", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10960422"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10960422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163984"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}