IBMD12A10B1DE2084B5B21931CC0329087DB99363DC499D6E65E87AEAE1773A0563Security Bulletin: IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666)
0.001 Low
EPSS
Percentile
19.6%
Summary
IBM MQ Appliance has addressed the following UI message injection vulnerability.
Vulnerability Details
CVEID: CVE-2018-1666
DESCRIPTION: IBM WebSphere DataPower Appliances could allow an authenticated user to inject arbitrary messages that would be displayed on the UI.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144892> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.11
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance levels between 9.1.0.0 and 9.1.0.1
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Continuous delivery updates 9.1.1
Remediation/Fixes
IBM MQ Appliance 8.0
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Apply iFix IT27359 , or later.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm mq appliance | eq | any |
Related
0.001 Low
EPSS
Percentile
19.6%