CVE-2018-1551

Published: Aug 6, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

Affected (2)

Products: Ibm: Websphere Mq

Ibm

1 product

Websphere Mq

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Mq	From 8.0.0.2 to 8.0.0.8
Ibm Websphere Mq	From 9.0.0.0 to 9.0.0.3

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

http://www.securityfocus.com/bid/105040

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/142888

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10716113

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/105040

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/142888

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10716113

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.