Freely subscribe to our NEWSLETTER

Security Vulnerability

Vigil@nce - IBM WebSphere MQ: multiple vulnerabilities

April 2017 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of IBM WebSphere MQ.

Impacted products: WebSphere MQ.

Severity: 2/4.

Creation date: 21/02/2017.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in IBM WebSphere MQ.

An attacker can trigger a fatal error via Invalid Channel
Protocol, in order to trigger a denial of service. [severity:2/4;
1998649, CVE-2016-8915]

An attacker can generate a buffer overflow via Channel Data
Conversion, in order to trigger a denial of service, and possibly
to run code. [severity:2/4; 1998661, CVE-2016-3013]

An attacker can trigger a fatal error via MQXR Listener, in order
to trigger a denial of service. [severity:2/4; 1998648,
CVE-2016-8986]

An attacker can bypass security features via Java Clients, in
order to obtain sensitive information. [severity:2/4; 1998660,
CVE-2016-3052]

An attacker can force a read at an invalid address via
Administration Command, in order to trigger a denial of service,
or to obtain sensitive information. [severity:2/4; 1998663,
CVE-2016-8971]

An attacker can trigger a fatal error via Cluster Channel
Definition, in order to trigger a denial of service.
[severity:2/4; 1998647, CVE-2016-9009]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/IBM-WebSphere-MQ-multiple-vulnerabilities-21920

Subscribe

Freely subscribe to our NEWSLETTER

See previous articles

See next articles

Security Vulnerability

All our news in english

Alle unsere News auf deutsch

Your podcast Here

All new podcasts

Global Security Mag Copyright 2011