CVE-2017-1699Incorrect Permission Assignment in IBM MQ

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 91.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQIBM Websphere MQ
Timeline
PublishedJan 4
Latest updateMay 13

Description

IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/mq12 versions+11
NVDibm/websphere_mq12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-w674-gwmc-q98r: IBM MQ Managed File Transfer Agent 82022-05-13
CVEList
CVE-2017-1699: IBM MQ Managed File Transfer Agent 82018-01-04
CVE-2017-1699 — Incorrect Permission Assignment in IBM | cvebase