CVE-2019-4078Incorrect Permission Assignment in IBM Websphere MQ

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 81.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere MQIBM MQ
Timeline
PublishedMay 23
Latest updateMay 24

Description

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/websphere_mq8.0.0.08.0.0.11+3
CVEListV5ibm/mq21 versions+20

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
GHSA
GHSA-hpf2-34xr-xh43: IBM WebSphere MQ 82022-05-24
OSV
openldap vulnerabilities2019-08-19
CVEList
CVE-2019-4078: IBM WebSphere MQ 82019-05-23
CVE-2019-4078 — Incorrect Permission Assignment in IBM | cvebase