CVE-2019-4294

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.

Published: Aug 20, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-4294
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ibm / mq_appliance	9.1.0.0	9.1.0.2.x
ibm / mq_appliance	8.0.0.0	8.0.0.12.x
ibm / mq_appliance	9.1.1	9.1.2.x
ibm / datapower_gateway	2018.4.1.0	2018.4.1.6.x
ibm / datapower_gateway	7.6.0.0	7.6.0.15.x
ibm / datapower_gateway	-	2018.4.1.7

https://exchange.xforce.ibmcloud.com/vulnerabilities/160701
https://www.ibm.com/support/docview.wss?uid=ibm10887005
https://www.ibm.com/support/docview.wss?uid=ibm10958933

Vulnerability Database

290,020

CVE-2019-4294