IBM71908D8C2BAC230B2E1A8F74999A24931B0BE30A18D7A7D4B1310C9974370E28Security Bulletin: IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668)
0.001 Low
EPSS
Percentile
45.8%
Summary
IBM MQ Appliance has addressed the following unauthorized access vulnerability.
Vulnerability Details
CVEID: CVE-2018-1668
**DESCRIPTION:*IBM WebSphere DataPower Appliances allows “null” logins which could give read access to IPMI data to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144894> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.11
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance levels between 9.1.0.0 and 9.1.0.1
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Continuous delivery update 9.1.1
Remediation/Fixes
IBM MQ Appliance 8.0
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Apply iFix IT27359 , or later.
Workarounds and Mitigations
Only affects the IBM MQ Appliance when the IPMI interface is enabled.
Related
0.001 Low
EPSS
Percentile
45.8%