The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.
h3. Acknowledgment
We would like to thankย Peleg Hadar of SafeBreach Labs for reporting this vulnerability.