{"api_version":"1","generated_at":"2026-06-11T19:34:59+00:00","cve":"CVE-2018-1551","urls":{"html":"https://cve.report/CVE-2018-1551","api":"https://cve.report/api/cve/CVE-2018-1551.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1551","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1551"},"summary":{"title":"CVE-2018-1551","description":"IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2018-08-06 14:29:00","updated_at":"2019-10-09 23:38:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105040","name":"105040","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"IBM MQ CVE-2018-1551 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/142888","name":"ibm-websphere-cve20181551-improper-access(142888)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ibm.com/support/docview.wss?uid=ibm10716113","name":"https://www.ibm.com/support/docview.wss?uid=ibm10716113","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1551","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1551","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1551","vulnerable":"1","versionEndIncluding":"8.0.0.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_mq","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1551","vulnerable":"1","versionEndIncluding":"9.0.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_mq","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2018-07-31T00:00:00","ID":"CVE-2018-1551","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"WebSphere MQ","version":{"version_data":[{"version_value":"8.0.0.2"},{"version_value":"8.0.0.4"},{"version_value":"8.0.0.3"},{"version_value":"8.0.0.6"},{"version_value":"8.0.0.5"},{"version_value":"8.0.0.7"},{"version_value":"8.0.0.8"},{"version_value":"9.0.0.0"},{"version_value":"9.0.0.1"},{"version_value":"9.0.0.2"},{"version_value":"9.0.0.3"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"H","AV":"N","C":"N","I":"L","PR":"L","S":"U","SCORE":"3.100","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Gain Access"}]}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/docview.wss?uid=ibm10716113","refsource":"CONFIRM","url":"https://www.ibm.com/support/docview.wss?uid=ibm10716113"},{"name":"ibm-websphere-cve20181551-improper-access(142888)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/142888"},{"name":"105040","refsource":"BID","url":"http://www.securityfocus.com/bid/105040"}]}},"nvd":{"publishedDate":"2018-08-06 14:29:00","lastModifiedDate":"2019-10-09 23:38:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6},"severity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndIncluding":"9.0.0.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.2","versionEndIncluding":"8.0.0.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1551","Ordinal":"117075","Title":"CVE-2018-1551","CVE":"CVE-2018-1551","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1551","Ordinal":"1","NoteData":"IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1551","Ordinal":"2","NoteData":"2018-08-06","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1551","Ordinal":"3","NoteData":"2018-08-09","Type":"Other","Title":"Modified"}]}}}