CVE-2008-1592 — IBM Websphere MQ vulnerability

CWE-2643 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 80.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere MQ

Timeline

PublishedMar 31

Latest updateMay 1

Description

MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_mq5.1, 5.3, 5.3.1+2

Patches

Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qr9h-92cj-24pc: MQSeries 5↗2022-05-01

▶

CVEList

CVE-2008-1592: MQSeries 5↗2008-03-31

▶