CVE-2018-1374Improper Input Validation in IBM Websphere MQ

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.2%
top 55.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedJun 26
Latest updateMay 13

Description

An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/websphere_mq32 versions+31
NVDibm/websphere_mq32 versions+31

🔴Vulnerability Details

2
GHSA
GHSA-p7v8-fc2f-m9f7: An IBM WebSphere MQ (Maintenance levels 72022-05-13
CVEList
CVE-2018-1374: An IBM WebSphere MQ (Maintenance levels 72018-06-26

💬Community

1
Bugzilla
CVE-2018-19497 sleuthkit: Out-of-bounds memory read in hfs_cat_traverse in tsk/fs/hfs.c2018-12-04
CVE-2018-1374 — Improper Input Validation in IBM | cvebase