CVE-2016-0394

low

Published 2017-02-01 · Modified 2026-05-13

CVSS v3

3.3

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2

2.1

VIR risk

3.3

Description

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

Predictions

Exploit likelihood

34%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21985013

Application impact

Vendor	Product	Versions
ibm	integration_bus	`9.0`
ibm	integration_bus	`9.0.0.1`
ibm	integration_bus	`9.0.0.2`
ibm	integration_bus	`10.0`
ibm	websphere_message_broker	`8.0`
ibm	websphere_message_broker	`8.0.0.1`
ibm	websphere_message_broker	`8.0.0.2`
ibm	websphere_message_broker	`8.0.0.3`
ibm	websphere_message_broker	`8.0.0.4`
ibm	websphere_message_broker	`8.0.0.5`

References

http://www.ibm.com/support/docview.wss?uid=swg21985013
http://www.securityfocus.com/bid/94577
http://www.ibm.com/support/docview.wss?uid=swg21985013
http://www.securityfocus.com/bid/94577

CWEs

CWE-275

Verify integrity in audit chain (admin only). AS-IS.