CVE-2019-6534

HIGH

Gemalto Sentinel Ultrapro Client Library - Uncontrolled Search Path

Title source: rule

Description

The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.

References (4)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01

[Release Notes, Vendor Advisory] https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694

[Patch, Third Party Advisory] https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf

Scores

CVSS v3 7.8

EPSS 0.0070

EPSS Percentile 71.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (3)

gemalto/sentinel_ultrapro_client_library

Timeline

Published Apr 11, 2019

Tracked Since Feb 18, 2026