Vulnerabilites related to ibm - websphere_mq_managed_file_transfer
cve-2017-1795
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-17 02:12
Severity ?
EPSS score ?
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012389 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137042 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere MQ |
Version: 7.5 Version: 8.0 Version: 9.0.1 Version: 9.0.2 Version: 9.0.3 Version: 9.0.4 Version: 9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:32.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012389", }, { name: "ibm-websphere-cve20171795-info-disc(137042)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137042", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebSphere MQ", vendor: "IBM", versions: [ { status: "affected", version: "7.5", }, { status: "affected", version: "8.0", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0", }, ], }, ], datePublic: "2018-05-13T00:00:00", descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.9, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-06T13:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012389", }, { name: "ibm-websphere-cve20171795-info-disc(137042)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137042", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-05-13T00:00:00", ID: "CVE-2017-1795", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebSphere MQ", version: { version_data: [ { version_value: "7.5", }, { version_value: "8.0", }, { version_value: "9.0.1", }, { version_value: "9.0.2", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "N", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22012389", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012389", }, { name: "ibm-websphere-cve20171795-info-disc(137042)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137042", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1795", datePublished: "2018-07-06T14:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T02:12:15.902Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3294
Vulnerability from cvelistv5
Published
2012-08-17 10:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21607482 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77180 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id?1027373 | vdb-entry, x_refsource_SECTRACK | |
| http://www.exploit-db.com/exploits/20477/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:57:50.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { name: "wmq-fte-csrf(77180)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { name: "IC85516", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { name: "1027373", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027373", }, { name: "20477", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/20477/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-08-10T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { name: "wmq-fte-csrf(77180)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { name: "IC85516", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { name: "1027373", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027373", }, { name: "20477", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/20477/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2012-3294", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21607482", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { name: "wmq-fte-csrf(77180)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { name: "IC85516", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { name: "1027373", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027373", }, { name: "20477", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/20477/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2012-3294", datePublished: "2012-08-17T10:00:00", dateReserved: "2012-06-07T00:00:00", dateUpdated: "2024-08-06T19:57:50.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2012-08-17 10:31
Modified
2024-11-21 01:40
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq | * | |
| ibm | websphere_mq | 7.0 | |
| ibm | websphere_mq | 7.0.0.1 | |
| ibm | websphere_mq | 7.0.1.0 | |
| ibm | websphere_mq | 7.0.2.0 | |
| ibm | websphere_mq | 7.0.2.2 | |
| ibm | websphere_mq | 7.0.4.0 | |
| ibm | websphere_mq_managed_file_transfer | 7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq:*:*:file_transfer:*:*:*:*:*", matchCriteriaId: "34334B53-0D91-4539-A8C5-F40007E11245", versionEndIncluding: "7.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "CCC205E7-DEEF-4217-A0F8-060EA98B6D17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:file_transfer:*:*:*:*:*", matchCriteriaId: "7FADD25C-32BB-4E6B-B07F-F0E2D45602EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "98A1AA9D-F576-43C9-91AD-BC8CEB427A07", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.2.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "97B0EF19-9684-4AE7-857E-779380B9A825", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.2.2:*:file_transfer:*:*:*:*:*", matchCriteriaId: "38985204-536F-4BD6-A718-B28983FF668A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq:7.0.4.0:*:file_transfer:*:*:*:*:*", matchCriteriaId: "740568A4-24F3-4F58-AC99-442184C9F0C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:7.5:*:*:*:*:*:*:*", matchCriteriaId: "C58B700B-B66E-4B7E-9557-2FB0107F44EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.", }, { lang: "es", value: "Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en el componente de puerta de enlace de web (Web Gateway) de IBM WebSphere MQ File Transfer Edition v7.0.4 y versiones anteriores, y WebSphere MQ - Managed File Transfer v7.5, permiten a atacantes remotos secuestrar la autenticación de usuarios de su elección para las solicitudes que (1) agreguen cuentas de usuario a través de la URI wmqfteconsole/Filespaces, (2) modifiquen los permisos a través de la URI wmqfteconsole/FileSpacePermisssions, o (3) agreguen cuentas de usuario de MQ Message Descriptor (MQMD) a través de la URI wmqfteconsole/UploadUsers.\r\n", }, ], id: "CVE-2012-3294", lastModified: "2024-11-21T01:40:36.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-17T10:31:52.090", references: [ { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { source: "psirt@us.ibm.com", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/20477/", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id?1027373", }, { source: "psirt@us.ibm.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/20477/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21607482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1027373", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/77180", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:22
Severity ?
4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012389 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137042 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012389 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137042 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_mq_managed_file_transfer | * | |
| ibm | websphere_mq_managed_file_transfer | * | |
| ibm | websphere_mq_managed_file_transfer | 7.5.0.0 | |
| ibm | websphere_mq_managed_file_transfer | 9.0.1 | |
| ibm | websphere_mq_managed_file_transfer | 9.0.2 | |
| ibm | websphere_mq_managed_file_transfer | 9.0.3 | |
| ibm | websphere_mq_managed_file_transfer | 9.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:*:*:*:*:*:*:*:*", matchCriteriaId: "0B2A493C-D6E6-4070-9CDE-4EFEB364FF63", versionEndIncluding: "8.0.0.8", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:*:*:*:*:lts:*:*:*", matchCriteriaId: "E89947A3-BFA4-4DFC-95F3-DC9B47EAE785", versionEndIncluding: "9.0.0.2", versionStartIncluding: "9.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:7.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7538DDD1-50C2-4137-A76C-A543E3886C55", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:9.0.1:*:*:*:cd:*:*:*", matchCriteriaId: "A49064A0-8731-4C2C-BED1-F09B81125F35", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:9.0.2:*:*:*:cd:*:*:*", matchCriteriaId: "95EC6CB1-446A-436B-BB8B-77A2846106DB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:9.0.3:*:*:*:cd:*:*:*", matchCriteriaId: "E18ADF29-E47B-4439-A836-46CA4D474E48", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:9.0.4:*:*:*:cd:*:*:*", matchCriteriaId: "C810ED10-60AB-4AA6-B03A-ED79DAA178EA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.", }, { lang: "es", value: "IBM WebSphere MQ 7.5, 8.0 y 9.0 hasta la versión 9.0.4 podría permitir que un usuario local obtenga información sensible mediante registros de rastreo en IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.", }, ], id: "CVE-2017-1795", lastModified: "2024-11-21T03:22:22.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-06T14:29:00.943", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012389", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/137042", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }