Description

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.

Remediation

References

CVE-2019-20406

Related Vulnerabilities

Oracle JRE CVE-2020-2816 Vulnerability (CVE-2020-2816)

WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2)

WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)

Apache Denial of service in mod_lua r:parsebody Vulnerability (CVE-2022-29404)

Python Improper Encoding or Escaping of Output Vulnerability (CVE-2020-26116)

Severity

High

Classification

CVE-2019-20406 CWE-427 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities