PT-2019-17018 · IBM · IBM DataPower Gateway +1
Published: 2019-08-20 · Updated: 2022-12-09
CVE-2019-4294
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.6
IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.15
IBM MQ Appliance versions 8.0.0.0 through 8.0.0.12
IBM MQ Appliance versions 9.1.0.0 through 9.1.0.2
IBM MQ Appliance versions 9.1.1 through 9.1.2
Description
A command injection issue could allow a local attacker to execute arbitrary commands on the system.
Recommendations
For IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.6, update to a version outside of this range.
For IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.15, update to a version outside of this range.
For IBM MQ Appliance versions 8.0.0.0 through 8.0.0.12, update to a version outside of this range.
For IBM MQ Appliance versions 9.1.0.0 through 9.1.0.2, update to a version outside of this range.
For IBM MQ Appliance versions 9.1.1 through 9.1.2, update to a version outside of this range.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
IBM DataPower Gateway
IBM MQ Appliance