i2 iBase is vulnerable to DLL highjacking attacks.
CVEID:CVE-2020-4623
**DESCRIPTION:**IBM i2 iBase could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184984 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i2 iBase | 8.9.13 |
Please visit your IBM customer portal to upgrade to iBase 9
None