Home > Vulnerability Database > CVE-2019-14868

Mend.io Vulnerability Database

CVE-2019-14868

Good to know:

Date: April 2, 2020

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Language: C

Severity Score

7.4

Related Resources (20)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-14868

Url: https://access.redhat.com/errata/RHSA-2020:1332

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868

Url: https://access.redhat.com/errata/RHSA-2020:0431

Url: https://access.redhat.com/errata/RHSA-2020:1333

Url: https://access.redhat.com/errata/RHSA-2020:2210

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1757324

Url: https://access.redhat.com/errata/RHSA-2020:0515

Url: https://access.redhat.com/errata/RHSA-2020:0559

Url: https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html

Url: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2

Url: https://access.redhat.com/errata/RHSA-2020:0568

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14868

Url: https://security-tracker.debian.org/tracker/CVE-2019-14868

Url: https://access.redhat.com/errata/RHSA-2020:5352

Url: https://access.redhat.com/errata/RHSA-2020:5351

Url: http://seclists.org/fulldisclosure/2020/May/53

Url: https://access.redhat.com/security/cve/CVE-2019-14868

Url: https://support.apple.com/kb/HT211170

Url: https://www.mend.io/vulnerability-database/CVE-2019-14868

Severity Score

7.4

Weakness Type (CWE)

Command Injection

CWE-77

Injection

CWE-74

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-14868

Good to know:

Date: April 2, 2020

Language: C

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?