PT-2020-10423 · Apache+2 · Apache Tomcat+2

Peleg Hadar · Published 2020-02-06 · Updated 2021-12-13 · CVE-2019-20406

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Confluence versions prior to 7.0.5
Confluence versions 7.1.0 through 7.1.0

Description

The issue allows local system attackers with permission to write a DLL file in a directory in the global path environmental variable to inject code and escalate their privileges via a DLL hijacking vulnerability. This occurs when using Tomcat in Confluence on the Microsoft Windows operating system.

Recommendations

For Confluence versions prior to 7.0.5, update to version 7.0.5 or later.
For Confluence versions 7.1.0, update to version 7.1.1 or later.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2019-20406

Affected Products

Confluence
Windows
Apache Tomcat