Lucene search

K
cve[email protected]CVE-2018-1551
HistoryAug 06, 2018 - 2:29 p.m.

CVE-2018-1551

2018-08-0614:29:00
CWE-732
web.nvd.nist.gov
50
ibm
websphere mq
cve-2018-1551
security
nvd
x-force id 142888

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.8%

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

Affected configurations

Vulners
NVD
Node
ibmwebsphere_mqMatch8.0.0.2
OR
ibmwebsphere_mqMatch8.0.0.4
OR
ibmwebsphere_mqMatch8.0.0.3
OR
ibmwebsphere_mqMatch8.0.0.6
OR
ibmwebsphere_mqMatch8.0.0.5
OR
ibmwebsphere_mqMatch8.0.0.7
OR
ibmwebsphere_mqMatch8.0.0.8
OR
ibmwebsphere_mqMatch9.0.0.0
OR
ibmwebsphere_mqMatch9.0.0.1
OR
ibmwebsphere_mqMatch9.0.0.2
OR
ibmwebsphere_mqMatch9.0.0.3
VendorProductVersionCPE
ibmwebsphere_mq8.0.0.2cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.4cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.3cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.6cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.5cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.7cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.8cpe:2.3:a:ibm:websphere_mq:8.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_mq9.0.0.0cpe:2.3:a:ibm:websphere_mq:9.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_mq9.0.0.1cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_mq9.0.0.2cpe:2.3:a:ibm:websphere_mq:9.0.0.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

CNA Affected

[
  {
    "product": "WebSphere MQ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0.2"
      },
      {
        "status": "affected",
        "version": "8.0.0.4"
      },
      {
        "status": "affected",
        "version": "8.0.0.3"
      },
      {
        "status": "affected",
        "version": "8.0.0.6"
      },
      {
        "status": "affected",
        "version": "8.0.0.5"
      },
      {
        "status": "affected",
        "version": "8.0.0.7"
      },
      {
        "status": "affected",
        "version": "8.0.0.8"
      },
      {
        "status": "affected",
        "version": "9.0.0.0"
      },
      {
        "status": "affected",
        "version": "9.0.0.1"
      },
      {
        "status": "affected",
        "version": "9.0.0.2"
      },
      {
        "status": "affected",
        "version": "9.0.0.3"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.8%

Related for CVE-2018-1551