Vulnerability Description
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Datapower Gateway | < 2018.4.1.7 |
| Ibm | Mq Appliance | >= 8.0.0.0, <= 8.0.0.12 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/160701Broken LinkVDB Entry
- https://www.ibm.com/support/docview.wss?uid=ibm10887005Vendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10958933Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/160701Broken LinkVDB Entry
- https://www.ibm.com/support/docview.wss?uid=ibm10887005Vendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10958933Vendor Advisory
FAQ
What is CVE-2019-4294?
CVE-2019-4294 is a vulnerability with a CVSS score of 7.8 (HIGH). IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attack...
How severe is CVE-2019-4294?
CVE-2019-4294 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-4294?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Datapower Gateway, Ibm Mq Appliance.