CVE-2008-1592

MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg21297035	Patch
http://securitytracker.com/id?1019610
http://secunia.com/advisories/29360
http://www.securityfocus.com/bid/28235
http://www.vupen.com/english/advisories/2008/0869

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:hp:nonstop::::::::
	cpe:2.3:o:tandem_computers:tandem_operating_system:nsk:::::::*

OR	cpe:2.3:a:ibm:websphere_mq:5.1:::::::*
	cpe:2.3:a:ibm:websphere_mq:5.3:::::::*
	cpe:2.3:a:ibm:websphere_mq:5.3.1:::::::*

Information

Published : 2008-03-31 16:44

Updated : 2011-03-07 19:07

NVD link : CVE-2008-1592

Mitre link : CVE-2008-1592

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

tandem_computers

tandem_operating_system

ibm

websphere_mq

hp

nonstop

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21297035", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1019610", "name": "1019610", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/29360", "name": "29360", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28235", "name": "28235", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/0869", "name": "ADV-2008-0869", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to \"Pathway panels.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1592", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-03-31T23:44Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hp:nonstop:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:tandem_computers:tandem_operating_system:nsk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:5.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T03:07Z"}