CVE-2019-4078

Published: May 23, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.

Affected (4)

Products: Ibm: Websphere Mq

Ibm

1 product

Websphere Mq

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Mq	From 8.0.0.0 to 8.0.0.11
Ibm Websphere Mq	From 9.0.0.0 to 9.0.0.5
Ibm Websphere Mq	From 9.1.0.0 to 9.1.0.1
Ibm Websphere Mq	Version 9.1.1

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/157190

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10872876

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/157190

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10872876

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.