CVE-2019-4294

Summary

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.

Affected Software

VendorProductVersion RangeStatus
IBMMQ Appliance8.0.0.3affected
IBMMQ Appliance8.0.0.4affected
IBMMQ Appliance8.0.0.5affected
IBMMQ Appliance8.0.0.6affected
IBMMQ Appliance8.0.0.0affected
IBMMQ Appliance8.0.0.8affected
IBMMQ Appliance8.0.0.10affected
IBMMQ Appliance9.1.0.0affected
IBMMQ Appliance8.0.0.11affected
IBMMQ Appliance9.1.0.1affected
IBMMQ Appliance9.1.1affected
IBMMQ Appliance8.0.0.1affected
IBMMQ Appliance8.0.0.7affected
IBMMQ Appliance8.0.0.9affected
IBMMQ Appliance8.0.0.2affected
IBMMQ Appliance8.0.0.12affected
IBMMQ Appliance9.1.0.2affected
IBMMQ Appliance9.1.2affected
IBMDataPower Gateway7.6.0.0affected
IBMDataPower Gateway2018.4.1.0affected
IBMDataPower Gateway2018.4.1.6affected
IBMDataPower Gateway7.6.0.15affected
IBMDataPower GatewayCDaffected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References