IBM MQ could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.
CVEID: CVE-2018-1998 DESCRIPTION: IBM MQ could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154887> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
IBM MQ V8
versions 8.0.0.0 - 8.0.0.10
IBM MQ V9 LTS
versions 9.0.0.0 - 9.0.0.5
IBM MQ V9.1 LTS
versions 9.1.0.0 - 9.1.0.1
IBM MQ V8
IBM MQ V9 LTS
IBM MQ V9.1 LTS
Follow the Additional Instructions added to the IBM security bulletin for CVE-2018-1792 on 18 December 2018