Lucene search

[email protected]CVE-2018-1551

HistoryAug 06, 2018 - 2:29 p.m.

CVE-2018-1551

2018-08-0614:29:00

CWE-732

[email protected]

web.nvd.nist.gov

ibm

websphere mq

cve-2018-1551

security

nvd

x-force id 142888

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.9%

JSON

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

Affected configurations

Vulners

NVD

Node

ibmwebsphere_mqMatch8.0.0.2

ibmwebsphere_mqMatch8.0.0.4

ibmwebsphere_mqMatch8.0.0.3

ibmwebsphere_mqMatch8.0.0.6

ibmwebsphere_mqMatch8.0.0.5

ibmwebsphere_mqMatch8.0.0.7

ibmwebsphere_mqMatch8.0.0.8

ibmwebsphere_mqMatch9.0.0.0

ibmwebsphere_mqMatch9.0.0.1

ibmwebsphere_mqMatch9.0.0.2

ibmwebsphere_mqMatch9.0.0.3

VendorProductVersionCPE
ibmwebsphere_mq8.0.0.2cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.4cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.3cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.6cpe:2.3:a:ibm:websphere_mq:8.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.5cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.7cpe:2.3:a:ibm:websphere_mq:8.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_mq8.0.0.8cpe:2.3:a:ibm:websphere_mq:8.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_mq9.0.0.0cpe:2.3:a:ibm:websphere_mq:9.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_mq9.0.0.1cpe:2.3:a:ibm:websphere_mq:9.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_mq9.0.0.2cpe:2.3:a:ibm:websphere_mq:9.0.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_mq	8.0.0.2	cpe:2.3:a:ibm:websphere_mq:8.0.0.2:::::::*
ibm	websphere_mq	8.0.0.4	cpe:2.3:a:ibm:websphere_mq:8.0.0.4:::::::*
ibm	websphere_mq	8.0.0.3	cpe:2.3:a:ibm:websphere_mq:8.0.0.3:::::::*
ibm	websphere_mq	8.0.0.6	cpe:2.3:a:ibm:websphere_mq:8.0.0.6:::::::*
ibm	websphere_mq	8.0.0.5	cpe:2.3:a:ibm:websphere_mq:8.0.0.5:::::::*
ibm	websphere_mq	8.0.0.7	cpe:2.3:a:ibm:websphere_mq:8.0.0.7:::::::*
ibm	websphere_mq	8.0.0.8	cpe:2.3:a:ibm:websphere_mq:8.0.0.8:::::::*
ibm	websphere_mq	9.0.0.0	cpe:2.3:a:ibm:websphere_mq:9.0.0.0:::::::*
ibm	websphere_mq	9.0.0.1	cpe:2.3:a:ibm:websphere_mq:9.0.0.1:::::::*
ibm	websphere_mq	9.0.0.2	cpe:2.3:a:ibm:websphere_mq:9.0.0.2:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "WebSphere MQ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0.2"
      },
      {
        "status": "affected",
        "version": "8.0.0.4"
      },
      {
        "status": "affected",
        "version": "8.0.0.3"
      },
      {
        "status": "affected",
        "version": "8.0.0.6"
      },
      {
        "status": "affected",
        "version": "8.0.0.5"
      },
      {
        "status": "affected",
        "version": "8.0.0.7"
      },
      {
        "status": "affected",
        "version": "8.0.0.8"
      },
      {
        "status": "affected",
        "version": "9.0.0.0"
      },
      {
        "status": "affected",
        "version": "9.0.0.1"
      },
      {
        "status": "affected",
        "version": "9.0.0.2"
      },
      {
        "status": "affected",
        "version": "9.0.0.3"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105040

exchange.xforce.ibmcloud.com/vulnerabilities/142888

www.ibm.com/support/docview.wss?uid=ibm10716113

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for CVE-2018-1551

nessus1 ibm1 nvd1 cvelist1 prion1