CVE-2019-6534

HIGH

Gemalto Sentinel UltraPro Client Library 1.3.0-1.3.2 - Uncontrolled Search Path Element in ux32w.dll

Title source: llm

Description

The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.

References (4)

Core 4

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01

Release Notes, Vendor Advisory x_refsource_misc

https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694

Patch, Third Party Advisory x_refsource_confirm

https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf

Scores

CVSS v3 7.8

EPSS 0.0153

EPSS Percentile 71.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-427

Status published

Products (3)

gemalto/sentinel_ultrapro_client_library 1.3.0

gemalto/sentinel_ultrapro_client_library 1.3.1

gemalto/sentinel_ultrapro_client_library 1.3.2

Published Apr 11, 2019

Tracked Since Feb 18, 2026