IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551)

IBM MQ could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name.

CVE(s): CVE-2018-1551

Affected product(s) and affected version(s):

IBM MQ v8.0.0.2 to 8.0.0.8

IBM MQ 9.0.0.0 to 9.0.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10716113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142888

The post IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2ADH5qj