Command Injection Vulnerability in IBM DataPower Gateway and MQ Appliance
CVE-2019-4294

8.4HIGH

Key Information:

Vendor
IBM
Status
MQ Appliance
Datapower Gateway
Vendor
CVE Published:
20 August 2019

Summary

A command injection vulnerability exists in IBM DataPower Gateway and IBM MQ Appliance that could allow a local attacker to execute arbitrary commands within the system. This flaw affects multiple versions of both products, enabling attackers to exploit it and gain unauthorized control, potentially leading to significant security breaches. It is crucial for organizations using these products to assess their environments and apply the necessary patches or mitigations as outlined in IBM's security advisories.

Affected Version(s)

DataPower Gateway 7.6.0.0

DataPower Gateway 2018.4.1.0

DataPower Gateway 2018.4.1.6

References

https://www.ibm.com/support/docview.wss?uid=ibm10887005
x_refsource_CONFIRM
https://www.ibm.com/support/docview.wss?uid=ibm10958933
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/160701
vdb-entryx_refsource_XF

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.