CVE-2018-1551Incorrect Permission Assignment in IBM Websphere MQ

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.5HIGHNVD
CNA3.1
EPSS
0.2%
top 56.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedAug 6
Latest updateMay 13

Description

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

NVDibm/websphere_mq8.0.0.28.0.0.8+1
CVEListV5ibm/websphere_mq11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-62m7-f9pr-4678: IBM WebSphere MQ 82022-05-13
CVEList
CVE-2018-1551: IBM WebSphere MQ 82018-08-06
CVE-2018-1551 — Incorrect Permission Assignment in IBM | cvebase