cvelistv5 - cve-2018-1792

CVE-2018-1792 (GCVE-0-2018-1792)

Vulnerability from cvelistv5

Published

2018-11-13 15:00

Modified

2024-09-16 16:27

Severity ?

8.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Gain Privileges

Summary

References

URL

Tags

psirt@us.ibm.com	http://www.securityfocus.com/bid/105936	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/148947	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10734447	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105936	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/148947	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10734447	Vendor Advisory

Impacted products

	Vendor	Product	Version
	IBM	MQ	Version: 9.0.1 Version: 9.0.0.1 Version: 9.0.2 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.6 Version: 8.0.0.7 Version: 9.0.0.2 Version: 9.0.3 Version: 9.0.4 Version: 8.0.0.8 Version: 8.0.0.9 Version: 9.0.0.3 Version: 8.0.0.0 Version: 8.0.0.10 Version: 9.0.0.0 Version: 9.0.0.4 Version: 9.0.0.5 Version: 9.0.5 Version: 9.1.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105936",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105936"
          },
          {
            "name": "ibm-websphere-cve20181792-priv-escalation(148947)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MQ",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.6"
            },
            {
              "status": "affected",
              "version": "8.0.0.7"
            },
            {
              "status": "affected",
              "version": "9.0.0.2"
            },
            {
              "status": "affected",
              "version": "9.0.3"
            },
            {
              "status": "affected",
              "version": "9.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.8"
            },
            {
              "status": "affected",
              "version": "8.0.0.9"
            },
            {
              "status": "affected",
              "version": "9.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.10"
            },
            {
              "status": "affected",
              "version": "9.0.0.0"
            },
            {
              "status": "affected",
              "version": "9.0.0.4"
            },
            {
              "status": "affected",
              "version": "9.0.0.5"
            },
            {
              "status": "affected",
              "version": "9.0.5"
            },
            {
              "status": "affected",
              "version": "9.1.0.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:H/I:H/PR:L/S:C/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-16T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "105936",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105936"
        },
        {
          "name": "ibm-websphere-cve20181792-priv-escalation(148947)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-11-12T00:00:00",
          "ID": "CVE-2018-1792",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "9.0.0.1"
                          },
                          {
                            "version_value": "9.0.2"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.6"
                          },
                          {
                            "version_value": "8.0.0.7"
                          },
                          {
                            "version_value": "9.0.0.2"
                          },
                          {
                            "version_value": "9.0.3"
                          },
                          {
                            "version_value": "9.0.4"
                          },
                          {
                            "version_value": "8.0.0.8"
                          },
                          {
                            "version_value": "8.0.0.9"
                          },
                          {
                            "version_value": "9.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.0"
                          },
                          {
                            "version_value": "8.0.0.10"
                          },
                          {
                            "version_value": "9.0.0.0"
                          },
                          {
                            "version_value": "9.0.0.4"
                          },
                          {
                            "version_value": "9.0.0.5"
                          },
                          {
                            "version_value": "9.0.5"
                          },
                          {
                            "version_value": "9.1.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105936",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105936"
            },
            {
              "name": "ibm-websphere-cve20181792-priv-escalation(148947)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10734447",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1792",
    "datePublished": "2018-11-13T15:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T16:27:25.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1792\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-11-13T15:29:00.373\",\"lastModified\":\"2024-11-21T04:00:22.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.\"},{\"lang\":\"es\",\"value\":\"IBM WebSphere MQ, de la versi\u00f3n 8.0.0.0 a la 8.0.0.10, de la versi\u00f3n 9.0.0.0 a la 9.0.0.5, de la versi\u00f3n 9.0.1 a la 9.0.5 y en la versi\u00f3n 9.1.0.0, podr\u00eda permitir que un usuario local inyecte c\u00f3digo que podr\u00eda ejecutarse con privilegios root. IBM X-Force ID: 148947.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.0.0.10\",\"matchCriteriaId\":\"5DD54027-9C8D-40BA-8B88-5BB7665A2DA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0.0\",\"versionEndIncluding\":\"9.0.0.5\",\"matchCriteriaId\":\"C5D73B9F-B40A-4740-8A6E-F9210CBC42E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.1\",\"versionEndIncluding\":\"9.0.5\",\"matchCriteriaId\":\"5D1B1D9B-072B-4BE1-AEE7-73883EC2D753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82D7A612-CC28-4DE7-AB76-6866E90A7B3E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105936\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/148947\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/docview.wss?uid=ibm10734447\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/148947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/docview.wss?uid=ibm10734447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2018-1792

Vulnerability from fkie_nvd

Published

2018-11-13 15:29

Modified

2024-11-21 04:00

Severity ?

8.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	http://www.securityfocus.com/bid/105936	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/148947	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10734447	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105936	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/148947	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10734447	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	websphere_mq	*
ibm	websphere_mq	*
ibm	websphere_mq	*
ibm	websphere_mq	9.1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DD54027-9C8D-40BA-8B88-5BB7665A2DA8",
              "versionEndIncluding": "8.0.0.10",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D73B9F-B40A-4740-8A6E-F9210CBC42E0",
              "versionEndIncluding": "9.0.0.5",
              "versionStartIncluding": "9.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1B1D9B-072B-4BE1-AEE7-73883EC2D753",
              "versionEndIncluding": "9.0.5",
              "versionStartIncluding": "9.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D7A612-CC28-4DE7-AB76-6866E90A7B3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947."
    },
    {
      "lang": "es",
      "value": "IBM WebSphere MQ, de la versi\u00f3n 8.0.0.0 a la 8.0.0.10, de la versi\u00f3n 9.0.0.0 a la 9.0.0.5, de la versi\u00f3n 9.0.1 a la 9.0.5 y en la versi\u00f3n 9.1.0.0, podr\u00eda permitir que un usuario local inyecte c\u00f3digo que podr\u00eda ejecutarse con privilegios root. IBM X-Force ID: 148947."
    }
  ],
  "id": "CVE-2018-1792",
  "lastModified": "2024-11-21T04:00:22.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-13T15:29:00.373",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105936"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Case Manager versions 5.3.x antérieures à 5.3.3.0-ICM-IF003
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.6.1
IBM	N/A	IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS
IBM	N/A	IBM Contact Optimization versions 9.1.0.x antérieures à 9.1.0.12
IBM	N/A	IBM Connections 5.0 versions antérieures à 5.0 CR4 et sans le correctif temporaire APAR LO94099
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x antérieures à 7.1.8.4
IBM	N/A	IBM Case Manager versions antérieures à 5.2.0.4-ICM-IF003
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x antérieures à 7.1.8.3
IBM	N/A	IBM Case Manager versions 5.2.1.x antérieures à 5.2.1.7-ICM-IF004
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x antérieures à 8.1.6.1
IBM	VIOS	VIOS versions 2.2.x
IBM	N/A	IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.6.1
IBM	N/A	IBM Connections 5.5 versions antérieures à 5.5 CR3 et sans le correctif temporaire APAR LO94099
IBM	AIX	AIX versions 5.3, 6.1, 7.1 et 7.2
IBM	N/A	IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x antérieures à 7.1.8.4
IBM	WebSphere	IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0
IBM	N/A	IBM Connections 6.0 versions antérieures à 6.0 CR3 et sans le correctif temporaire APAR LO94099
IBM	N/A	IBM Contact Optimization versions 9.1.2.x antérieures à 9.1.2.5

References

Title

Publication Time

gsd-2018-1792

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-1792

Aliases

CVE-2018-1792

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1792",
    "description": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.",
    "id": "GSD-2018-1792"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1792"
      ],
      "details": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.",
      "id": "GSD-2018-1792",
      "modified": "2023-12-13T01:22:37.509126Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-11-12T00:00:00",
        "ID": "CVE-2018-1792",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MQ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.0.1"
                        },
                        {
                          "version_value": "9.0.0.1"
                        },
                        {
                          "version_value": "9.0.2"
                        },
                        {
                          "version_value": "8.0.0.1"
                        },
                        {
                          "version_value": "8.0.0.2"
                        },
                        {
                          "version_value": "8.0.0.3"
                        },
                        {
                          "version_value": "8.0.0.4"
                        },
                        {
                          "version_value": "8.0.0.5"
                        },
                        {
                          "version_value": "8.0.0.6"
                        },
                        {
                          "version_value": "8.0.0.7"
                        },
                        {
                          "version_value": "9.0.0.2"
                        },
                        {
                          "version_value": "9.0.3"
                        },
                        {
                          "version_value": "9.0.4"
                        },
                        {
                          "version_value": "8.0.0.8"
                        },
                        {
                          "version_value": "8.0.0.9"
                        },
                        {
                          "version_value": "9.0.0.3"
                        },
                        {
                          "version_value": "8.0.0.0"
                        },
                        {
                          "version_value": "8.0.0.10"
                        },
                        {
                          "version_value": "9.0.0.0"
                        },
                        {
                          "version_value": "9.0.0.4"
                        },
                        {
                          "version_value": "9.0.0.5"
                        },
                        {
                          "version_value": "9.0.5"
                        },
                        {
                          "version_value": "9.1.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "H",
            "AC": "L",
            "AV": "L",
            "C": "H",
            "I": "H",
            "PR": "L",
            "S": "C",
            "SCORE": "8.800",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Gain Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105936",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105936"
          },
          {
            "name": "ibm-websphere-cve20181792-priv-escalation(148947)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
          },
          {
            "name": "https://www.ibm.com/support/docview.wss?uid=ibm10734447",
            "refsource": "CONFIRM",
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.10",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.0.5",
                "versionStartIncluding": "9.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.5",
                "versionStartIncluding": "9.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2018-1792"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10734447",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
            },
            {
              "name": "ibm-websphere-cve20181792-priv-escalation(148947)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
            },
            {
              "name": "105936",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105936"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:39Z",
      "publishedDate": "2018-11-13T15:29Z"
    }
  }
}

var-201811-0107

Vulnerability from variot

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attackers may exploit these issues to execute arbitrary-code with root privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0107",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ibm",
        "version": "9.1.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.10"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.0.0 to  8.0.0.10"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0.0.0 to  9.0.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.0.1 to  9.0.5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.5"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "mq cd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.3"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "mq lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rich Mirch",
    "sources": [
      {
        "db": "BID",
        "id": "105936"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1792",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-1792",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-1792",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2018-1792",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1792",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2018-1792",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1792",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-278",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1792",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attackers may exploit these issues to execute arbitrary-code with root privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "BID",
        "id": "105936"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1792"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1792",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "105936",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0782",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3122",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4784",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1792",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "db": "BID",
        "id": "105936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "id": "VAR-201811-0107",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.46875
  },
  "last_update_date": "2024-11-23T20:39:19.214000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "0734447",
        "trust": 0.8,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447"
      },
      {
        "title": "ibm-websphere-cve20181792-priv-escalation (148947)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
      },
      {
        "title": "IBM MQ Repair measures for library security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86718"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=72465d2f99054ba61ae311541ab96ff0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple IBM MQ Security Vulnerabilities Affect IBM Sterling B2B Integrator",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12d49a0da922bc87e2a67d963391d2c3"
      },
      {
        "title": "security-research",
        "trust": 0.1,
        "url": "https://github.com/mirchr/security-research "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/105936"
      },
      {
        "trust": 1.7,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1792"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1792"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1137634"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115109"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115031"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76906"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com"
      },
      {
        "trust": 0.3,
        "url": "http://www-4.ibm.com/software/webservers/appserv/"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/94.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-local-user-to-inject-code-that-could-be-executed-with-root-privileges-cve-2018-1998/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/mirchr/security-research"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "db": "BID",
        "id": "105936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "db": "BID",
        "id": "105936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "date": "2018-11-12T00:00:00",
        "db": "BID",
        "id": "105936"
      },
      {
        "date": "2019-01-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "date": "2018-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "date": "2018-11-13T15:29:00.373000",
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1792"
      },
      {
        "date": "2018-11-12T00:00:00",
        "db": "BID",
        "id": "105936"
      },
      {
        "date": "2019-01-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      },
      {
        "date": "2019-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      },
      {
        "date": "2024-11-21T04:00:22.860000",
        "db": "NVD",
        "id": "CVE-2018-1792"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "105936"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM WebSphere MQ Code injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011726"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-278"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2018-23082

Vulnerability from cnvd

Title

IBM MQ库权限提升漏洞

Description

IBM MQ(前称IBM WebSphere MQ)是美国IBM公司的一款消息传递中间件产品。该产品主要为面向服务的体系结构（SOA）提供可靠的、经过验证的消息传递主干网。 IBM MQ库中存在安全漏洞。攻击者可利用该漏洞在系统上提升权限，并以root的权限执行注入的代码。

Severity

高

Patch Name

IBM MQ库权限提升漏洞的补丁

Patch Description

IBM MQ(前称IBM WebSphere MQ)是美国IBM公司的一款消息传递中间件产品。该产品主要为面向服务的体系结构（SOA）提供可靠的、经过验证的消息传递主干网。 IBM MQ库中存在安全漏洞。攻击者可利用该漏洞在系统上提升权限，并以root的权限执行注入的代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://www-01.ibm.com/support/docview.wss?uid=ibm10734447

Reference

https://www-01.ibm.com/support/docview.wss?uid=ibm10734447

Impacted products

Name
['IBM MQ V8 >=8.0.0.0，<=8.0.0.10', 'IBM MQ V9 LTS >=9.0.0.0，<=9.0.0.5', 'IBM MQ V9 CD >=9.0.1，<=9.0.5', 'IBM MQ V9.1 LTS 9.1.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1792"
    }
  },
  "description": "IBM MQ(\u524d\u79f0IBM WebSphere MQ)\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u4e3a\u9762\u5411\u670d\u52a1\u7684\u4f53\u7cfb\u7ed3\u6784\uff08SOA\uff09\u63d0\u4f9b\u53ef\u9760\u7684\u3001\u7ecf\u8fc7\u9a8c\u8bc1\u7684\u6d88\u606f\u4f20\u9012\u4e3b\u5e72\u7f51\u3002\n\nIBM MQ\u5e93\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u63d0\u5347\u6743\u9650\uff0c\u5e76\u4ee5root\u7684\u6743\u9650\u6267\u884c\u6ce8\u5165\u7684\u4ee3\u7801\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ibm10734447",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23082",
  "openTime": "2018-11-14",
  "patchDescription": "IBM MQ(\u524d\u79f0IBM WebSphere MQ)\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u6d88\u606f\u4f20\u9012\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u4e3a\u9762\u5411\u670d\u52a1\u7684\u4f53\u7cfb\u7ed3\u6784\uff08SOA\uff09\u63d0\u4f9b\u53ef\u9760\u7684\u3001\u7ecf\u8fc7\u9a8c\u8bc1\u7684\u6d88\u606f\u4f20\u9012\u4e3b\u5e72\u7f51\u3002\r\n\r\nIBM MQ\u5e93\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u63d0\u5347\u6743\u9650\uff0c\u5e76\u4ee5root\u7684\u6743\u9650\u6267\u884c\u6ce8\u5165\u7684\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM MQ\u5e93\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM MQ V8 \u003e=8.0.0.0\uff0c\u003c=8.0.0.10",
      "IBM MQ V9 LTS \u003e=9.0.0.0\uff0c\u003c=9.0.0.5",
      "IBM MQ V9 CD \u003e=9.0.1\uff0c\u003c=9.0.5",
      "IBM MQ V9.1 LTS 9.1.0.0"
    ]
  },
  "referenceLink": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-13",
  "title": "IBM MQ\u5e93\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

ghsa-925c-69p2-m4hj

Vulnerability from github

Published

2022-05-13 01:32

Modified

2022-05-13 01:32

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-13T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.",
  "id": "GHSA-925c-69p2-m4hj",
  "modified": "2022-05-13T01:32:40Z",
  "published": "2022-05-13T01:32:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1792"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10734447"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105936"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-1792 (GCVE-0-2018-1792)

Vulnerability from cvelistv5

fkie_cve-2018-1792

Vulnerability from fkie_nvd

CERTFR-2018-AVI-539

Vulnerability from certfr_avis

Solution

gsd-2018-1792

Vulnerability from gsd

var-201811-0107

Vulnerability from variot

cnvd-2018-23082

Vulnerability from cnvd

ghsa-925c-69p2-m4hj

Vulnerability from github

Tags

Sightings

Nomenclature