Search...

CVE-2018-1792

2018-11-13T15:29:00

ID CVE-2018-1792
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:39:00

Description

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.

JSON Vulners Source

Initial Source

{"id": "CVE-2018-1792", "bulletinFamily": "NVD", "title": "CVE-2018-1792", "description": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", "published": "2018-11-13T15:29:00", "modified": "2019-10-09T23:39:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1792", "reporter": "cve@mitre.org", "references": ["https://www.ibm.com/support/docview.wss?uid=ibm10734447", "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", "http://www.securityfocus.com/bid/105936"], "cvelist": ["CVE-2018-1792"], "type": "cve", "lastseen": "2020-12-09T20:25:38", "edition": 7, "viewCount": 9, "enchantments": {"dependencies": {"references": [], "modified": "2020-12-09T20:25:38", "rev": 2}, "score": {"value": 4.3, "vector": "NONE", "modified": "2020-12-09T20:25:38", "rev": 2}, "vulnersScore": 4.3}, "cpe": ["cpe:/a:ibm:websphere_mq:8.0.0.10", "cpe:/a:ibm:websphere_mq:9.1.0.0", "cpe:/a:ibm:websphere_mq:9.0.0.5", "cpe:/a:ibm:websphere_mq:9.0.5"], "affectedSoftware": [{"cpeName": "ibm:websphere_mq", "name": "ibm websphere mq", "operator": "le", "version": "8.0.0.10"}, {"cpeName": "ibm:websphere_mq", "name": "ibm websphere mq", "operator": "eq", "version": "9.1.0.0"}, {"cpeName": "ibm:websphere_mq", "name": "ibm websphere mq", "operator": "le", "version": "9.0.0.5"}, {"cpeName": "ibm:websphere_mq", "name": "ibm websphere mq", "operator": "le", "version": "9.0.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:ibm:websphere_mq:8.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:9.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:9.0.0.5:*:*:*:*:*:*:*"], "cwe": ["CWE-94"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.0.5:*:*:*:*:*:*:*", "versionEndIncluding": "9.0.0.5", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.10:*:*:*:*:*:*:*", "versionEndIncluding": "8.0.0.10", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.0.5:*:*:*:*:*:*:*", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.1", "vulnerable": true}], "operator": "OR"}]}}

{"nessus": [{"lastseen": "2021-01-20T11:32:45", "description": "The version of IBM MQ Server running on the remote host is affected by a vulnerability that allows a local user to\ninject code that could be executed with root privileges.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-19T00:00:00", "title": "IBM MQ 8.0 <= 8.0.0.10 / 9.0.1 <= 9.0.5 CD / 9.0 <= 9.0.0.5 LTS / 9.1.0.0 LTS (734447)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1792"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:ibm:websphere_mq"], "id": "IBM_MQ_734447.NASL", "href": "https://www.tenable.com/plugins/nessus/145052", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145052);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1792\");\n\n script_name(english:\"IBM MQ 8.0 <= 8.0.0.10 / 9.0.1 <= 9.0.5 CD / 9.0 <= 9.0.0.5 LTS / 9.1.0.0 LTS (734447)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM MQ Server running on the remote host is affected by a vulnerability that allows a local user to\ninject code that could be executed with root privileges.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/734447\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM MQ 8.0.0.11, 9.0.0.6 LTS, 9.1.2 CD, 9.1.0.2 LTS or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1792\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_mq\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_mq_nix_installed.nbin\", \"websphere_mq_installed.nasl\");\n script_require_keys(\"installed_sw/IBM WebSphere MQ\");\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'IBM WebSphere MQ');\n\nif (app_info['Type'] != 'Server')\n audit(AUDIT_HOST_NOT, 'an affected product');\n\n# Not checking workaround on these versions\nif ((app_info['version'] =~ \"^9.1.1([^0-9.]|$)\" || app_info['version'] =~ \"^9.1.0.1([^0-9.]|$)\") && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\n# check if CD - less than 4 version segments or non-0 3rd (M) segment\n# https://www.ibm.com/support/pages/ibm-mq-faq-long-term-support-and-continuous-delivery-releases\n# We see CD on lab host 172.26.24.107 is detected as: 9.0.3.0\nif (app_info['version'] =~ \"^9\\.([0-9]+\\.?){0,2}$\" || app_info['version'] =~ \"^9\\.[0-9]\\.[1-9]\")\n{\n constraints = [\n { 'min_version' : '9.0.1', 'max_version' : '9.0.5', 'fixed_display' : 'See vendor advisory'}\n ];\n}\nelse\n{\n constraints = [\n { 'min_version' : '8.0', 'max_version' : '8.0.0.10', 'fixed_display' : '8.0.0.11'},\n { 'min_version' : '9.0', 'max_version' : '9.0.0.5', 'fixed_display' : '9.0.0.6'},\n { 'min_version' : '9.1', 'fixed_version' : '9.1.0.2', 'fixed_display' : 'See vendor advisory'}\n ];\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T11:32:45", "description": "The version of IBM MQ Server running on the remote host is affected by a vulnerability that allows a local user to\ninject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-19T00:00:00", "title": "IBM MQ 8.0 <= 8.0.0.10 / 9.0 <= 9.0.0.5 LTS / 9.1 <= 9.1.0.1 LTS (870488)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1792", "CVE-2018-1998"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:ibm:websphere_mq"], "id": "IBM_MQ_870488.NASL", "href": "https://www.tenable.com/plugins/nessus/145053", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145053);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1998\");\n\n script_name(english:\"IBM MQ 8.0 <= 8.0.0.10 / 9.0 <= 9.0.0.5 LTS / 9.1 <= 9.1.0.1 LTS (870488)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM MQ Server running on the remote host is affected by a vulnerability that allows a local user to\ninject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/870488\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM MQ 8.0.0.11, 9.0.0.6, 9.1.0.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1998\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_mq\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_mq_nix_installed.nbin\", \"websphere_mq_installed.nasl\");\n script_require_keys(\"installed_sw/IBM WebSphere MQ\");\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'IBM WebSphere MQ');\n\nif (app_info['Type'] != 'Server')\n audit(AUDIT_HOST_NOT, 'an affected product');\n\nconstraints = [\n { 'min_version' : '8.0', 'max_version': '8.0.0.10', 'fixed_version' : '8.0.0.11'},\n { 'min_version' : '9.0', 'max_version': '9.0.0.5', 'fixed_version' : '9.0.0.6'},\n { 'min_version' : '9.1', 'max_version': '9.1.0.1', 'fixed_version' : '9.1.0.2'}\n ];\n\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}