Improper Access Control in IBM WebSphere MQ
CVE-2018-1551

3.1LOW

Key Information:

Vendor
IBM
Status
Websphere MQ
Vendor
CVE Published:
6 August 2018

Summary

The vulnerability in IBM WebSphere MQ allows users to gain unauthorized access to resources if an administrator assigns an invalid group name to a user. This misconfiguration can lead to significant security risks, as users may operate with elevated permissions beyond their intended authority. Careful management of user groups and regular audits are essential to mitigate the potential impacts.

Affected Version(s)

WebSphere MQ 8.0.0.2

WebSphere MQ 8.0.0.4

WebSphere MQ 8.0.0.3

References

https://www.ibm.com/support/docview.wss?uid=ibm10716113
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/142888
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/105040
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.