IBM MQ Appliance has addressed the following UI message injection vulnerability.
CVEID: CVE-2018-1666
DESCRIPTION: IBM WebSphere DataPower Appliances could allow an authenticated user to inject arbitrary messages that would be displayed on the UI.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144892> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.11
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance levels between 9.1.0.0 and 9.1.0.1
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Continuous delivery updates 9.1.1
IBM MQ Appliance 8.0
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Apply iFix IT27359 , or later.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | any |