Command Injection Vulnerability in IBM DataPower Gateway and MQ Appliance
CVE-2019-4294
8.4HIGH
Summary
A command injection vulnerability exists in IBM DataPower Gateway and IBM MQ Appliance that could allow a local attacker to execute arbitrary commands within the system. This flaw affects multiple versions of both products, enabling attackers to exploit it and gain unauthorized control, potentially leading to significant security breaches. It is crucial for organizations using these products to assess their environments and apply the necessary patches or mitigations as outlined in IBM's security advisories.
Affected Version(s)
DataPower Gateway 7.6.0.0
DataPower Gateway 2018.4.1.0
DataPower Gateway 2018.4.1.6
References
CVSS V3.1
Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved