CVE-2019-20406
Last modified
CVE-2019-20406 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Confluence | < 7.0.5 |
| Atlassian | Confluence Server | 7.1.0 |
References
- https://jira.atlassian.com/browse/CONFSERVER-59428Vendor Advisory
- https://jira.atlassian.com/browse/CONFSERVER-59428Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-20406?
How severe is CVE-2019-20406?
How do I fix CVE-2019-20406?
Are you affected by CVE-2019-20406?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST