Vulnerability Details : CVE-2018-1551
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.
Products affected by CVE-2018-1551
- cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1551
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1551
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST | |
3.1
|
LOW | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
1.6
|
1.4
|
IBM Corporation |
CWE ids for CVE-2018-1551
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1551
-
https://www.ibm.com/support/docview.wss?uid=ibm10716113
IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551)Vendor Advisory
-
http://www.securityfocus.com/bid/105040
IBM MQ CVE-2018-1551 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/142888
IBM WebSphere MQ improper access CVE-2018-1551 Vulnerability ReportVendor Advisory;VDB Entry
Jump to