IBME60107A67092FA997C70E38A558E06269A0E897E209BDE897FB5A5FEA07FA5E3Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998)
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM MQ could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.
Vulnerability Details
CVEID: CVE-2018-1998 DESCRIPTION: IBM MQ could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154887> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Affected Products and Versions
IBM MQ V8
versions 8.0.0.0 - 8.0.0.10
IBM MQ V9 LTS
versions 9.0.0.0 - 9.0.0.5
IBM MQ V9.1 LTS
versions 9.1.0.0 - 9.1.0.1
Remediation/Fixes
IBM MQ V8
IBM MQ V9 LTS
IBM MQ V9.1 LTS
Workarounds and Mitigations
Follow the Additional Instructions added to the IBM security bulletin for CVE-2018-1792 on 18 December 2018
Related
0.0004 Low
EPSS
Percentile
5.1%