ghsa-gw5q-m62q-j9vf
Vulnerability from github
Published
2022-05-24 17:08
Modified
2022-05-24 17:08
Details
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.
{ "affected": [], "aliases": [ "CVE-2019-20406" ], "database_specific": { "cwe_ids": [ "CWE-426", "CWE-427" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-02-06T03:15:00Z", "severity": "MODERATE" }, "details": "The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code \u0026 escalate their privileges via a DLL hijacking vulnerability.", "id": "GHSA-gw5q-m62q-j9vf", "modified": "2022-05-24T17:08:09Z", "published": "2022-05-24T17:08:09Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20406" }, { "type": "WEB", "url": "https://jira.atlassian.com/browse/CONFSERVER-59428" } ], "schema_version": "1.4.0", "severity": [] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.