PT-2020-5135 · Ibm+2 · Ibm Sdk+2
Honggang Ren · Published 2020-02-03 · Updated 2020-03-18
CVE-2019-4732
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM SDK, Java Technology Edition versions 7.0.0.0 through 7.0.10.55
IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.4.55
IBM SDK, Java Technology Edition versions 8.0.0.0 through 8.0.6.0
Description
The issue is a DLL search order hijacking vulnerability in the Microsoft Windows client. It could allow a local authenticated attacker to execute arbitrary code on the system by placing a specially crafted file in a compromised folder.
Recommendations
For versions 7.0.0.0 through 7.0.10.55, update to a version outside of this range to mitigate the risk.
For versions 7.1.0.0 through 7.1.4.55, update to a version outside of this range to mitigate the risk.
For versions 8.0.0.0 through 8.0.6.0, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to compromised folders to minimize the risk of exploitation.
Weakness Enumeration
Untrusted Search Path
Affected Products
IBM SDK
Windows
SUSE