Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1551

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

Published

2018-08-06T14:29:00.717

Last Modified

2024-11-21T04:00:00.117

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 3.1 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	websphere_mq	≤ 8.0.0.8	Yes
Application	ibm	websphere_mq	≤ 9.0.0.3	Yes

References

http://www.securityfocus.com/bid/105040 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/142888 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/docview.wss?uid=ibm10716113 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/105040 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/142888 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/docview.wss?uid=ibm10716113 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)