CVE-2018-1374: Input Validation
First published: Tue Jun 26 2018(Updated: )
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere MQ | =7.1 | |
| IBM WebSphere MQ | =7.1.0.1 | |
| IBM WebSphere MQ | =7.1.0.2 | |
| IBM WebSphere MQ | =7.1.0.3 | |
| IBM WebSphere MQ | =7.1.0.4 | |
| IBM WebSphere MQ | =7.1.0.5 | |
| IBM WebSphere MQ | =7.1.0.6 | |
| IBM WebSphere MQ | =7.1.0.7 | |
| IBM WebSphere MQ | =7.1.0.8 | |
| IBM WebSphere MQ | =7.1.0.9 | |
| IBM WebSphere MQ | =7.5 | |
| IBM WebSphere MQ | =7.5.0.1 | |
| IBM WebSphere MQ | =7.5.0.2 | |
| IBM WebSphere MQ | =7.5.0.3 | |
| IBM WebSphere MQ | =7.5.0.4 | |
| IBM WebSphere MQ | =8.0.0.0 | |
| IBM WebSphere MQ | =8.0.0.1 | |
| IBM WebSphere MQ | =8.0.0.2 | |
| IBM WebSphere MQ | =8.0.0.3 | |
| IBM WebSphere MQ | =8.0.0.4 | |
| IBM WebSphere MQ | =8.0.0.5 | |
| IBM WebSphere MQ | =8.0.0.6 | |
| IBM WebSphere MQ | =8.0.0.7 | |
| IBM WebSphere MQ | =8.0.0.8 | |
| IBM WebSphere MQ | =9.0.0 | |
| IBM WebSphere MQ | =9.0.0.0 | |
| IBM WebSphere MQ | =9.0.0.1 | |
| IBM WebSphere MQ | =9.0.0.2 | |
| IBM WebSphere MQ | =9.0.1 | |
| IBM WebSphere MQ | =9.0.2 | |
| IBM WebSphere MQ | =9.0.3 | |
| IBM WebSphere MQ | =9.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1374?
The severity of CVE-2018-1374 is medium with a severity value of 6.5.
Which IBM WebSphere MQ versions are affected by CVE-2018-1374?
IBM WebSphere MQ versions 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4 are affected by CVE-2018-1374.
How can CVE-2018-1374 be exploited?
An attacker can exploit CVE-2018-1374 by having an IBM WebSphere MQ client connect to a Queue Manager, which could cause a SIGSEGV in the Channel process amqrmppa.
What is the IBM X-Force ID for CVE-2018-1374?
The IBM X-Force ID for CVE-2018-1374 is 137775.
Is there a fix available for CVE-2018-1374?
Yes, IBM has released fixes for CVE-2018-1374. Please refer to the provided references for more information.
- collector/nvd-index
- vendor/ibm
- canonical/ibm websphere mq
- version/ibm websphere mq/7.1
- version/ibm websphere mq/7.1.0.1
- version/ibm websphere mq/7.1.0.2
- version/ibm websphere mq/7.1.0.3
- version/ibm websphere mq/7.1.0.4
- version/ibm websphere mq/7.1.0.5
- version/ibm websphere mq/7.1.0.6
- version/ibm websphere mq/7.1.0.7
- version/ibm websphere mq/7.1.0.8
- version/ibm websphere mq/7.1.0.9
- version/ibm websphere mq/7.5
- version/ibm websphere mq/7.5.0.1
- version/ibm websphere mq/7.5.0.2
- version/ibm websphere mq/7.5.0.3
- version/ibm websphere mq/7.5.0.4
- version/ibm websphere mq/8.0.0.0
- version/ibm websphere mq/8.0.0.1
- version/ibm websphere mq/8.0.0.2
- version/ibm websphere mq/8.0.0.3
- version/ibm websphere mq/8.0.0.4
- version/ibm websphere mq/8.0.0.5
- version/ibm websphere mq/8.0.0.6
- version/ibm websphere mq/8.0.0.7
- version/ibm websphere mq/8.0.0.8
- version/ibm websphere mq/9.0.0
- version/ibm websphere mq/9.0.0.0
- version/ibm websphere mq/9.0.0.1
- version/ibm websphere mq/9.0.0.2
- version/ibm websphere mq/9.0.1
- version/ibm websphere mq/9.0.2
- version/ibm websphere mq/9.0.3
- version/ibm websphere mq/9.0.4