CVE-2019-20406

EPSS 0.16%
Veröffentlicht 06.02.2020 03:15:10
Zuletzt bearbeitet 21.11.2024 04:38:24
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Confluence Version < 7.0.5

Microsoft ≫ Windows Version-

Atlassian ≫ Confluence Server Version7.1.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.368

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://jira.atlassian.com/browse/CONFSERVER-59428

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-20406

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-20406

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-20406

EUVD