Nov 08, 2019 - 12:01 p.m.

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078)

2019-11-08 12:01:40
www.ibm.com

EPSS: 0.0004 (Low), Percentile: 12.7%

Summary

IBM MQ server or client installations on Microsoft Windows could allow a local non-privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories.

Vulnerability Details

CVEID: CVE-2019-4078
DESCRIPTION: IBM MQ could allow a local non-privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157190> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
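
The following PowerShell audit is an added example, not part of IBM's bulletin: it lists ACL entries on an MQ installation directory tree that grant write-capable rights to broad, non-administrative groups, the general condition behind this class of local privilege escalation. The `-Path` value, the list of groups and the set of rights treated as risky are assumptions; the bulletin does not state which permissions were incorrect.

```powershell
# Added example (not from the IBM bulletin): list ACL entries under an MQ
# installation directory that give broad, non-administrative groups write access.
param(
    # Assumption: the caller supplies the installation directory to audit.
    [Parameter(Mandatory)] [string] $Path
)

# Assumed set of low-privilege principals, by well-known SID (locale independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Assumed set of risky rights: anything that can add, replace or re-permission content.
$risky = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs may carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$generic = 0x40000000 -bor 0x10000000

$dirs = @(Get-Item -LiteralPath $Path) +
        @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip, do not guess
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or -not $lowPriv.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $risky) -or ($rights -band $generic)) {
            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $lowPriv[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Deny entries and group nesting are not evaluated; each row is a lead to review.
$findings | Sort-Object Path, Principal
```

An empty result on an affected version does not show the installation is safe; the fix packs listed under Remediation/Fixes remain the remedy.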

Affected Products and Versions

IBM MQ V8

versions 8.0.0.0 - 8.0.0.11

IBM MQ V9 LTS

versions 9.0.0.0 - 9.0.0.5

IBM MQ V9.1 LTS

versions 9.1.0.0 - 9.1.0.1

IBM MQ V9.1 CD

version 9.1.1

Remediation/Fixes

IBM MQ V8

Apply FixPack 8.0.0.12

IBM MQ V9 LTS

Apply FixPack 9.0.0.6

IBM MQ V9.1 LTS

Apply FixPack 9.1.0.2

IBM MQ V9.1 CD

Upgrade to version 9.1.2

Workarounds and Mitigations

None
