Details of VAR-201806-0788

ID

VAR-201806-0788

CVE

CVE-2018-1543

TITLE

IBM WebSphere MQ Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2018-007018

DESCRIPTION

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. IBM WebSphere MQ Contains a certificate validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 142598 It is released as.Information may be obtained. Multiple IBM Products are prone to an information-disclosure vulnerability

Trust: 1.89

sources: NVD: CVE-2018-1543 // JVNDB: JVNDB-2018-007018 // BID: 104587

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0	Trust: 2.4
vendor:	ibm	model:	websphere mq	scope:	eq	version:	9.0	Trust: 2.4
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.9	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.8	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.7	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.5	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.3	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.2	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	mq lts	scope:	eq	version:	9.0.0.3	Trust: 0.3
vendor:	ibm	model:	mq	scope:	eq	version:	9.0.0.0	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	ne	version:	8.0.0.10	Trust: 0.3
vendor:	ibm	model:	mq	scope:	ne	version:	9.0.0.4	Trust: 0.3

sources: BID: 104587 // JVNDB: JVNDB-2018-007018 // CNNVD: CNNVD-201806-1351 // NVD: CVE-2018-1543

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2018-1543
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201806-1351
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2018-1543
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

NVD:	CVE-2018-1543
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-007018 // CNNVD: CNNVD-201806-1351 // NVD: CVE-2018-1543

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.8

sources: JVNDB: JVNDB-2018-007018 // NVD: CVE-2018-1543

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1351

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-1351

CONFIGURATIONS

sources: NVD: CVE-2018-1543

PATCH

title:	2016346	url:	https://www-01.ibm.com/support/docview.wss?uid=swg22016346	Trust: 0.8
title:	IBM WebSphere MQ Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81608	Trust: 0.6

sources: JVNDB: JVNDB-2018-007018 // CNNVD: CNNVD-201806-1351

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1543	Trust: 2.7
db:	JVNDB	id:	JVNDB-2018-007018	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-1351	Trust: 0.6
db:	BID	id:	104587	Trust: 0.3

sources: BID: 104587 // JVNDB: JVNDB-2018-007018 // CNNVD: CNNVD-201806-1351 // NVD: CVE-2018-1543

REFERENCES

url:	https://www.ibm.com/support/docview.wss?uid=swg22016346	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/142598	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1543	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1543	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg22016346	Trust: 0.3

sources: BID: 104587 // JVNDB: JVNDB-2018-007018 // CNNVD: CNNVD-201806-1351 // NVD: CVE-2018-1543

CREDITS

IBM.

Trust: 0.3

sources: BID: 104587

SOURCES

db:	BID	id:	104587
db:	JVNDB	id:	JVNDB-2018-007018
db:	CNNVD	id:	CNNVD-201806-1351
db:	NVD	id:	CVE-2018-1543

LAST UPDATE DATE

2022-05-04T10:00:41.934000+00:00

SOURCES UPDATE DATE

db:	BID	id:	104587	date:	2018-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-007018	date:	2018-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201806-1351	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-1543	date:	2019-10-09T23:38:00

SOURCES RELEASE DATE

db:	BID	id:	104587	date:	2018-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-007018	date:	2018-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201806-1351	date:	2018-06-28T00:00:00
db:	NVD	id:	CVE-2018-1543	date:	2018-06-27T18:29:00