IBMA55895AAC54EE7DD13EEC3D46B91480FFA3ED7923E0646B000151371AD64255CSecurity Bulletin: IBM MQ Console has inadequate input validation (CVE-2018-1836)
EPSS
Percentile
25.3%
Summary
The IBM MQ console has inadequate input validation in one of its forms that could allow an attacker to inject unintended data into fields.
Vulnerability Details
CVEID: CVE-2018-1836 DESCRIPTION: IBM MQ Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150661> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
IBM MQ and IBM MQ Appliance v9 CD
IBM MQ CD versions 9.0.2 - 9.0.5
IBM MQ and IBM MQ Appliance v9.1 LTS
IBM MQ v9.1 LTS versions 9.1.0.0 - 9.1.0.1
Remediation/Fixes
IBM MQ and IBM MQ Appliance V9 CD
IBM MQ V9.1 LTS
Apply fix pack 9.1.0.2 or later.
IBM MQ Appliance V9.1 LTS
Apply fix pack 9.1.0.2 or later.
Workarounds and Mitigations
None
Related
EPSS
Percentile
25.3%