Security Bulletin: IBM MQ Appliance is affected by a cross-site request forgery vulnerability (CVE-2018-1661)

2019-02-2111:25:01

www.ibm.com

0.002 Low

EPSS

Percentile

56.4%

JSON

Summary

IBM MQ Appliance has addressed the following cross-site request forgery vulnerability.

Vulnerability Details

CVEID: CVE-2018-1661
DESCRIPTION: IBM WebSphere DataPower Appliances is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144887> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.11

IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance levels between 9.1.0.0 and 9.1.0.1

IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Continuous delivery update 9.1.1

Remediation/Fixes

IBM MQ Appliance 8.0
Apply iFix IT27359 , or later.

IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply iFix IT27359 , or later.

IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Apply iFix IT27359 , or later.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mq applianceeqany

CPE	Name	Operator	Version
	ibm mq appliance	eq	any

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for 95A7C2A9AD298AB0237B940B01679FDFE66C871746B2AC17C610D47CF8B5B1D4