CVE-2019-20406

HIGH

Confluence < 7.0.5 and 7.1.0 - DLL Hijacking via Global Path Environmental Variable

Title source: llm

Description

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1, allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable to inject code and escalate their privileges via a DLL hijacking vulnerability.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/CONFSERVER-59428

Scores

CVSS v3 7.8
EPSS 0.0016
EPSS Percentile 36.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-427
Status published
Products (2)
atlassian/confluence < 7.0.5
atlassian/confluence_server 7.1.0
Published Feb 06, 2020
Tracked Since Feb 18, 2026